2 Copyright © 2009 Open Geospatial Consortium, Inc.
for multiple systems that are connected with each other over insecure communication channels. And even more complex for a Service Oriented Architecture, as it is the basis
for the Sensor Web Services, the orchestration of services is dynamic which limits the applicability of network- or transport layer security.
In order to propose a secure sensor web, we also need to analyze the vulnerabilities and potential attacks that exist in the baseline and in the different ways of implementing the
identified requirements. This will be done for the baseline Sensor Web Services and the proposed security standards. Because this analysis is so exhausting that the scope is
limited to a given use case and its scenarios.
1.2 Non-goals
Any aspects related to physical and operational computer safety How to establish federated identity management
Configurationadministration of security services Multi national aspects
Service recovery after an attack was exercised
1.3 Assumptions
For this document, it is assumed that OGC Sensor Web Services are deployed on secure and trusted systems, as defined in [63]. Therefore, no threats are discussed nor taken
under considerations that result from an intrusion into these systems. It is further assumed that each actor in the Sensor Web either a person, a sensor or a
service is uniquely identified.
1.4 Relation to other documents in the OWS-6 initiative
The Engineering Report ―OGC Web Services Security‖ is a work item of the GPW thread in OWS-6. It addresses security aspects for all OGC Web Services. As the Sensor Web
includes services that supersede the services from the GPW thread, this document is a complement to that report.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The Open Geospatial Consortium Inc. shall not be held
responsible for identifying any or all such patent rights.
Recipients of this document are requested to submit, with their comments, notification of any relevant patent claims or other intellectual property rights of which they may be
aware that might be infringed by any implementation of the standard set forth in this document, and to provide supporting documentation.
Copyright © 2009 Open Geospatial Consortium, Inc. 3
1.5 Document contributor contact points
All questions regarding this document should be directed to the editor or the contributors:
Name Organization
Andreas Matheus AM Consult
Thomas Everding Institute for Geoinformatics, University of Muenster
Ingo Simonis Geospatial Research
1.6 Revision history
Date Release
Editor Primary clauses
modified Description
2008-12-11 0.1.0
Andreas Matheus All Creation
2009-09-03 0.2.0
Andreas Matheus 9.4, 9.5, 9.6, 9.7 Threats for SWE services
Vulnerabilities and attack analysis 2009-19-03
0.3.0 Andreas Matheus
Thomas Everding 9.8
12 Rating the attacks
Event pattern based communication and firewalls
2009-09-04 0.4.0
Andreas Matheus 9.5, 9.6, 9.7 all
Corrects Editorial issues
2009-27-05 0.5.0
Andreas Matheus 13 Recommendation added
2009-10-06 0.6.0
Andreas Matheus 9 Comments by Ingo Simonis
incorporated 2009-15-06
0.7.0 Andreas Matheus
Ingo Simonis 9
SWE Services operations analysis clarification
2009-10-09 0.3.0
Carl Reed Various
Prepare document for public release
1.7 Future work