Copyright © 2009 Open Geospatial Consortium, Inc. 115 10.7.3 ODRL see [28] The Open Digital Rights Language ODRL Version 1.1 is a W3C Note that specifies an Expression Language and the representation in XML. It further defines the semantics of core expressions. The core entities of the ODRL Language are Assets, Rights and Parties. An Asset represents the content that is to be protected either in physical or digital form. Rights include Permissions that are the actual usage that are allowed on the asset. The Parties represent the end user consumer and the Rights holders that typically have been involved in the creation of the content or own it. The standard defines in the ODRL Data Dictionary Semantics section a set of core rights and their semantics for Permissions, Constraints, Requirements, Rights Holders and Context. This standard also provides extension points for the definition of project specific of data dictionary elements. One example given in the standard is associated to the mobile community, where rights such as ―ring‖ or ―send‖ are relevant.

10.8 Standards for Web Services

This section of the document provides an overview of standards, recommendations and other literature related to securing Web Services. 10.8.1 SOAP see [29] SOAP provides the foundation of communication for web services. SOAP defines a particular XML structure that separates the information of a message into a ―Header‖ and a ―Body‖ part. The ―Body‖ part of the message contains the actual information that is to be transported and the ―Header‖ element can keep optional security related metadata as it relevant to protect the ―Body‖ information as a whole or partially. SOAP supports multiple bindings, where the HTTP and HTTPS binding is the most common one. It enables the communication between sites using the ―standard‖ WWW port to pass through a firewall. Based on SOAP, WS-Security defines mechanisms and XML structures how to protect SOAP messages in an interoperable way so that it can be understand by the receiver toward integrity and confidentiality using XML Digital Signatures and XML Encryption. For some use cases, the input andor output of a web service might be in binary format instead of XML. For these cases, a base64 encoding of the binary data can be transported in the SOAP Body. However this is possible, the base64 encoding increases the size of the information and XML parsing or digital signatures and encryption face a decrease in 116 Copyright © 2009 Open Geospatial Consortium, Inc. performance. In order to exchange binary data via SOAP, SOAP with attachments can be used. 10.8.2 WSDL see [30] In order to bind to a web services, its network end points operations and binding and the SOAP structure of input and output message can be described using the Web Services Description Language WSDL. More precise, WSDL is a W3C note that defines a model and the XML notation to describe web services to support ease of use by the following elements: The ―types‖ element describes the messages that can be received and send by the web service The ―interface‖ element contains information about the functionality of the web service The ―binding‖ element has the information of how to access the web service The ―service‖ element provides the actual network endpoint where the web service can be accessed WSDL 2.0 supports a full HTTP binding including GET POST DELETE PUT etc. and SOAP. 10.8.3 WS-Addressing see [31]