[Requests] GeoServices REST API [Secure Dimensions comments on security]

Andreas Matheus andreas.matheus at secure-dimensions.de
Thu Aug 16 03:24:12 EDT 2012


PART A

1. Evaluator: Andreas Matheus, Secure Dimensions GmbH
2. Submission: GeoServices REST API

PART B

1. Requirement: n/a
2. Implementation Specification Section number: n/a
3. Criticality: Major
4. Comments/justifications for changes: Please provide comprehensive
security considerations.

This submission touches new ground in OGC standardizing describing an API
for all OGC Web Services. It is hard to believe that such a comprehensive
submission does not provide any security considerations at all. And this
despite the fact that various activities in OGC regarding security have been
taken place; also most recently.

As it is good practice to follow other standardization organizations such as
OASIS and IETF, I do encourage the submitting organizations to provide
comprehensive security considerations outlining how security regarding
confidentiality, integrity, authentication and authorization can be
achieved. In particular please include a normative section regarding the use
of HTTP error codes and exceptions in cases where a service endpoint
requires authentication or the access is not authorized.

Andreas
==================================
Secure Dimensions GmbH
Waxensteinstr. 28, 81377 Munich, Germany
Managing Director: Andreas Matheus
Chamber of Commerce Munich: HRB 178441
Web: http://www.secure-dimensions.com
Phone: +49 (0)89 38151813

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opengeospatial.org/pipermail/requests/attachments/20120816/b9c17ba4/attachment.htm>


More information about the Requests mailing list