Security Standard allows the hosting of OGC Web Services (OWS) over HTTPS as well as the implementation of Information Assurance
The Open Geospatial Consortium (OGC) seeks public comment on the OGC Web Services Security Candidate Standard.
For years various implementations of OGC Web Services have integrated some degree of security through Information Assurance (IA) controls . However, these implementations break interoperability, as they each extend the functionality of OGC Web Service (OWS) standards differently. As such, interoperability between secured OGC Web Services and clients is limited to systems custom-built to work with an IA implementation.
The objective of the OGC Web Services Security Standard is to allow the hosting of OWS on HTTPS, the implementation of IA controls and to advertise its existence in an interoperable way with no impact to existing implementations using a backwards-compatible approach. No changes to existing OGC Web Services standards are required. The approach used in this candidate standard is based on existing functionality in the OGC Web Services Capabilities document in a consistent manner.
Uptake of the standardized approach as a build-in to new OGC Web Services standards will ensure security interoperability.
The candidate OGC Web Services Security Standard is available for review and comment at portal.opengeospatial.org/files/77693. Comments are due by 2 April 2018 and should be submitted via www.opengeospatial.org/standards/requests/164.