Copyright © 2015 Open Geospatial Consortium.
    <choice>
      <element ref="ows:HTTP"/>
    </choice>
  </complexType>
</element>
9.2 Recommendations for OGC Standardization
This chapter outlines a few short recommendations to address the “missing bits” required to enable security. Please read the entire Engineering Report to find all recommendations (see footnote 12).
9.2.1 Define a common security architecture
To guarantee interoperability between OGC Web Services that protect their services with one or more of the outlined security frameworks, the OGC members need to define a Common Security Architecture for OGC Web Services and Clients. This could be achieved by establishing a Web Services Security SWG whose charter includes defining a Common Security Capabilities extension, WSDL documents including guidance on how to embed WS- and WS-Policy when using SOAP, and a common approach to the OGC Publish Find Bind paradigm for protected services.
The crafting of that charter could take place within the realm of the OGC Security Working Group, perhaps in liaison with the OGC Architecture DWG.
9.2.2 All OGC Web Services standards to include Security considerations
Each OGC Web Service standard that endorses the use of security by including normative references to security standards, as outlined before, shall contain a section on security considerations. This section shall outline security implications based on the data and processing model and in particular on the operations of the service.
The implications should take into account that implementation of all the introduced ISO frameworks is required. Therefore, the implications for the implementation of the authentication, access control, confidentiality, and integrity frameworks, and in particular the non-repudiation framework, shall be included.
Footnote 12: The editor decided not to copy and paste all recommendations into one single section, as that would separate the recommendations from their meaningful context.
9.2.3 Define and Describe Common Security in Capabilities document
The description for the implementation of the security frameworks, as part of the Common Security, should be in the Capabilities document. In particular, ows:Constraint
shall be included for each operation.
<ows:Constraint name="authentication">
  <ows:AllowedValues>
    <ows:Value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser</ows:Value>
    <ows:Value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp</ows:Value>
  </ows:AllowedValues>
  <ows:Metadata xlink:href="http:www.unibw.de...inspireauthCodelists.xmlAuthenticationCode"/>
</ows:Constraint>
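The following is an added example, not part of the Engineering Report: a client-side check that reads the authentication constraint recommended in 9.2.3 from a Capabilities document and flags operations that advertise no usable method. The sample document, the operation names and the function names are constructed, and the OWS Common 1.1 namespace is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"ows": "http://www.opengis.net/ows/1.1"}  # assumption: OWS Common 1.1

# Constructed sample Capabilities fragment (not taken from the report).
SAMPLE = """<Capabilities xmlns:ows="http://www.opengis.net/ows/1.1">
  <ows:OperationsMetadata>
    <ows:Operation name="GetCapabilities"/>
    <ows:Operation name="GetFeature">
      <ows:Constraint name="authentication">
        <ows:AllowedValues>
          <ows:Value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser</ows:Value>
          <ows:Value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp</ows:Value>
        </ows:AllowedValues>
      </ows:Constraint>
    </ows:Operation>
    <ows:Operation name="Transaction">
      <ows:Constraint name="authentication">
        <ows:AllowedValues/>
      </ows:Constraint>
    </ows:Operation>
  </ows:OperationsMetadata>
</Capabilities>"""


def auth_constraints(capabilities_xml):
    """Map each operation name to its advertised authentication methods."""
    root = ET.fromstring(capabilities_xml)
    result = {}
    for op in root.iterfind(".//ows:OperationsMetadata/ows:Operation", NS):
        methods = None  # None: the operation carries no authentication constraint
        for c in op.iterfind("ows:Constraint", NS):
            if c.get("name") == "authentication":
                values = c.iterfind("ows:AllowedValues/ows:Value", NS)
                # An empty list means the constraint exists but names no method.
                methods = [v.text.strip() for v in values if v.text and v.text.strip()]
        result[op.get("name")] = methods
    return result


def undeclared(constraints):
    """Operations for which a client cannot select an authentication method."""
    return sorted(op for op, methods in constraints.items() if not methods)


if __name__ == "__main__":
    found = auth_constraints(SAMPLE)
    for op, methods in found.items():
        print(op, "->", methods)
    print("no usable authentication declaration:", undeclared(found))
```

A Capabilities document fetched from a live service is untrusted XML, so a production client should parse it with entity expansion and document size limits in place.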
9.2.4 GetCapabilities operation