Work produced by OGC in recent years relating to security.


GeoXACML (11-017)

Andreas Matheus, Jan Herrmann

The Geospatial eXtensible Access Control Markup Language (GeoXACML) defines an extension to the XACML Policy Language that supports the declaration and enforcement of access restrictions on geographic information. GeoXACML is a geospatial extension to the OASIS standard “eXtensible Access Control Markup Language (XACML) Version 2.0”.

The extension to XACML is based on the extensibility points, as they are introduced in section 8 (p. 89, [1]). In short, GeoXACML defines:

  • the geometry model on which the geometric data types in access rules have to be based on,
  • the different encoding languages for geometric data types (which are provided in the extensions to this core specification),
  • the testing functions for topological relationships between geometries, and
  • the geometric functions.


OGC® Engineering Report for the OWS Shibboleth Interoperability Experiment (11-019r2)

Chris Higgins

This document reports on outcomes from the OGC Web Services Shibboleth Interoperability Experiment (OSI). The main objective of OSI was to advance the use of Shibboleth (an open source implementation of SAML) as a means of protecting OWS. In the process, OSI helped develop further understanding of this approach to establishing trusted federations of OWS. This report documents these findings and is intended to be of use to those interested in how Shibboleth/SAML access management federations may function as an organisational model for operational Spatial Data Infrastructure.

Authentication IE Engineering Report (10-192)

Jeff Harrison

Results of the Auth IE are presented in this Engineering Report document and serve as guidance to both implementers and organizations deploying solutions that involve basic authentication. It is the belief of the Auth IE participants that if such a document is made available to the community more OGC implementing products will natively support authentication.

OWS-7 - Towards secure interconnection of OGC Web Services with SWIM (10-155)

Andreas Matheus

This Engineering Report provides guidance and generate action items for the OGC standardization effort to properly enable security in the near future such that a seamless, interoperable but secure interconnection between OGC Web Services and FUSE ESB technology stack as selected by use in the System Wide Information Management (SWIM) System of the US Federal Aviation Administration (FAA) can be achieved.

OWS-6 Security Engineering Report (09-035)

Rüdiger Gartmann, Lewis Leinenweber

This Engineering Report describes work accomplished during the OGC Web Services Testbed, Phase 6 (OWS 6) to investigate and implement security measures for OGC web services. This work was undertaken to address requirements stated in the OWS-6 RFQ/CFP originating from a number of sponsors, from OGC staff, and from OGC members.

OWS-6 Secure Sensor Web Engineering Report (08-176r1)

Andreas Matheus

The main purpose of this Engineering Report is to introduce standards-based security solutions for making the existing OGC Sensor Web Services, as described in the OWS-6 SWE baseline, ready towards the handling of sensors in the intelligence domain.