[Requests] GeoServices REST API [Secure Dimensions comments on security]

Pat Cappelaere pat at cappelaere.com
Thu Aug 16 07:34:40 EDT 2012


Security has to be an integral part of a distributed enterprise system. 

On Aug 16, 2012, at 3:24 AM, Andreas Matheus <andreas.matheus at secure-dimensions.de> wrote:

> 1. Evaluator: Andreas Matheus, Secure Dimensions GmbH
> 2. Submission: GeoServices REST API
> 1. Requirement: n/a
> 2. Implementation Specification Section number: n/a
> 3. Criticality: Major
> 4. Comments/justifications for changes: Please provide comprehensive security considerations.
> This submission touches new ground in OGC standardizing describing an API for all OGC Web Services. It is hard to believe that such a comprehensive submission does not provide any security considerations at all. And this despite the fact that various activities in OGC regarding security have been taken place; also most recently.  
> As it is good practice to follow other standardization organizations such as OASIS and IETF, I do encourage the submitting organizations to provide comprehensive security considerations outlining how security regarding confidentiality, integrity, authentication and authorization can be achieved. In particular please include a normative section regarding the use of HTTP error codes and exceptions in cases where a service endpoint requires authentication or the access is not authorized.
> Andreas
> ==================================
> Secure Dimensions GmbH
> Waxensteinstr. 28, 81377 Munich, Germany
> Managing Director: Andreas Matheus
> Chamber of Commerce Munich: HRB 178441
> Web: http://www.secure-dimensions.com
> Phone: +49 (0)89 38151813
> _______________________________________________
> Requests mailing list
> Requests at lists.opengeospatial.org
> https://lists.opengeospatial.org/mailman/listinfo/requests

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opengeospatial.org/pipermail/requests/attachments/20120816/b2e83fad/attachment.htm>

More information about the Requests mailing list