OGC 13-100 v

i. Abstract

This standard defines the version 3.0 of a geospatial extension to the OASIS eXtensible Access Control Markup Language XACML Version 3.0 standard. It thereby enables the interoperable definition of access rights constraints using the XACML 3.0 language, processing model and policy schema but extends the ability to phrase conditions on geographic characteristics of subjects, resources and objects. In that sense, a GeoXACML policy could restrict access to geospatial information, e.g. provided by OGC Web Services. However, a GeoXACML policy could also restrict access to non geospatial assets by stating restrictions for access based on the location of the user or the mobile device used trying to access the protected assets. Therefore, this standard applies to main stream IT. For enabling processing of access control decisions based on geometry, Geospatial eXensible Access Control Markup Language GeoXACML 3.0 Core inherits by normative reference ISO 19125 which defines a geometry model and functions on geometry instances which enrich the XACML 3.0 specification. ii. Keywords The following are keywords to be used by search engines and document catalogues. ogcdoc, OGC document, standard, GeoXACML, XACML, access control, geometric XACML iii. Preface This document defines the version 3.0 of the geospatial extension to the OASIS eXtensible Access Control Markup Language XACML Version 3.0. It hereby supersedes the previous version GeoXACML 1.0 which defines the geospatial extension to OASIS extensible Access Control Markup Language 2.0. It is important to notice that version 2.0 of GeoXACML does not exist The geospatial extension defined by GeoXACML 3.0 Core uses the extension points from OASIS eXtensible Access Control Markup Language XACML Version 3.0 to introduce a new data type Geometry and functions that extend the set of available functions in XACML 3.0. The semantics of the data type Geometry and the functions introduced is defined in ISO 19125. In a nutshell, GeoXACML 3.0 defines the appropriate XML wrapper to fit OGC Simple Features into XACML 3.0. OGC 13-100 vi Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The Open Geospatial Consortium shall not be held responsible for identifying any or all such patent rights. Recipients of this document are requested to submit, with their comments, notification of any relevant patent claims or other intellectual property rights of which they may be aware that might be infringed by any implementation of the standard set forth in this document, and to provide supporting documentation. iv. Submitting organizations The following organizations submitted this Document to the Open Geospatial Consortium OGC: University of the Bundeswehr Oracle Defense Information Systems Agency DISA National Geospatial-Intelligence Agency NGA

v. Submitters