
Copyright © 2015 Open Geospatial Consortium.

9.2 Recommendations for OGC Standardization

This chapter outlines a few short recommendations to address the “missing bits” required to enable security. Please read the entire Engineering Report to find all recommendations [12].

9.2.1 Define a common security architecture

To guarantee interoperability for OGC Web Services that have implemented one or more of the outlined security frameworks (protected services), the OGC members need to define a Common Security Architecture for OGC Web Services and Clients. This could be achieved by establishing a Web Services Security SWG whose charter includes defining a Common Security Capabilities extension and WSDL documents, including guidance on how to embed WS- and WS-Policy when using SOAP, as well as defining a common approach to the OGC Publish Find Bind paradigm for protected services. The crafting of that charter could take place within the realm of the OGC Security Working Group, perhaps in liaison with the OGC Architecture DWG.

9.2.2 All OGC Web Services standards to include Security considerations

Each OGC Web Service standard that endorses the use of security by including security-related normative references, as outlined before, shall contain a section on security considerations. This section shall outline security implications based on the data and processing model and in particular on the operations of the service. The implications should consider that implementation of all the introduced ISO frameworks is required. Therefore, the implications for the implementation of the authentication, access control, confidentiality, and integrity frameworks, and in particular the non-repudiation framework, shall be included.

[12] The editor decided not to copy and paste all recommendations into one single section, as it would mean separating the recommendations from their meaningful context.

9.2.3 Define and Describe Common Security in Capabilities document

The description for the implementation of the security frameworks, as part of the Common Security, should be in the Capabilities document. In particular, ows:Constraint shall be included for each operation.

    <ows:Constraint name="authentication">
      <ows:AllowedValues>
        <ows:Value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser</ows:Value>
        <ows:Value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp</ows:Value>
      </ows:AllowedValues>
      <ows:Metadata xlink:href="http:www.unibw.de...inspireauthCodelists.xmlAuthenticationCode"/>
    </ows:Constraint>

9.2.4 GetCapabilities operation