GeoXACML SWG

 

1.    GeoXACML Standards Working Group

 

2.    Purpose of this Standards Working Group

One purpose of the persistent GeoXACML Standards Working Group (SWG) is to develop an OGC Web Services Profile of GeoXACML and to progress it to the state of an adopted OGC standard. This profile will standardize the guidelines on how to use GeoXACML to protect OGC Web Services, thereby providing enhanced interoperability in GeoXACML-based access control systems for OWS. This profile will also make XACML- or GeoXACML-based access control systems easier to apply and implement in OWS environments, because the guidelines in the profile, which describe precisely how to use the access control language in the OWS use case, will be less generic.

Another purpose of the persistent GeoXACML SWG is to coordinate OGC's work on GeoXACML with the work of the OASIS XACML WG. The aim of this cooperation is to harmonize the closely related and sequential work of both standardization bodies. As shown in the OWS-6 GeoXACML ER (09-036), it is desirable to develop Change Request Proposals (CRPs) for GeoXACML's underlying base standards (e.g. OASIS' eXtensible Access Control Markup Language (XACML) Version 2.0 specification, the Hierarchical resource profile of XACML v2.0 and the Multiple resource profile of XACML v2.0). These CRPs will help improve the underlying standards and enable them to handle the OWS-specific requirements.

This SWG will also evaluate and resolve CRPs referring to the OpenGIS® GeoXACML implementation specification and incorporate all submitted CRPs into a candidate revision of the GeoXACML v.1.0 standard. The SWG will ensure that all changes are consistent with the OGC standards baseline and business plan.

3.    Scope of Work

The initial Roadmap plan of this SWG can be divided into the following work items:

1.       Develop an OGC Web Services Profile of GeoXACML and progress it to the state of an adopted OGC standard. The following topics have to be covered in the OGC Web Service Profile of GeoXACML (for details see 09-036 - the OWS-6 GeoXACML ER):

  • guidelines for interoperable (Geo)XACML access control decision requests in the OWS context
  • guidelines for interoperable (Geo)XACML access control rules for OWS
  • guidelines on how to use XACML's obligation mechanism in an OASIS-conformant way in the OWS use case

2.       Cooperation and coordination with OASIS' XACML WG. As explained above and in detail in the GeoXACML ER, it is necessary and promising to improve the OASIS Multiple and Hierarchical resource profiles of XACML and the XACML specification itself, in order to handle the complexity of the "access control for OWS" use case adequately.

3.       Cooperation with other OGC Working Groups. Members of the Security DWG, OWS Common DWG and GeoXACML SWG should cooperate and coordinate their work in order to generate interoperable, general-use and harmonized security solutions. Some topics that need to be addressed by these cooperating groups are (for details see 09-036):

  • develop unique guidelines on how to bind return values of the access control process and other Security Services to OWS responses and how to bind security information to OWS requests
  • define standardized security-related exception codes
  • define normative bijective transformation rules between different protocol bindings (e.g. transform uniquely from KVP-encoded OWS requests to XML-encoded requests)
  • ensure an interoperable interplay of GeoXACML with other services of OGC's security architecture
  • specify minimal requirements for OWS specifications in order to support the sound and straightforward applicability of generic security solutions for OWS

4.       Another scope of work of this SWG will be to process CRPs referring to the GeoXACML Standard. Hence the SWG will collect all GeoXACML related CRPs, evaluate each of these proposals, and make edits to the standard based on change requests and related decisions of the SWG membership. Changes required to the standard to align it with revisions of the standards baseline or business plan also require the submission of CRPs. The SWG may announce a cut-off date for the submission of CRPs that are to be addressed in the next revision. Additional CRPs submitted after the cut-off date may be addressed at the discretion of the SWG based on criticality of the change and available time and resources. The SWG may decide to address selected CRPs immediately in a corrigendum of the current standard.

3.1       What is out of scope?

Only those change requests submitted through the formal process as identified in the OGC TC Policy and Procedures will be addressed. Therefore, any items suggested through emails, vocal discussions, etc. will be outside of the scope of this SWG until formally submitted.

3.2       Specific Contribution of Existing Work as a Starting Point

The starting point for the work will be version 1.0 of the OpenGIS® GeoXACML implementation specification (07‑026r2), OASIS' eXtensible Access Control Markup Language (XACML) Version 2.0 specification, the Hierarchical resource profile of XACML v2.0 and the Multiple resource profile of XACML v2.0.

3.3       How is it to be Determined when the Work of the SWG has been Completed?

The GeoXACML SWG may dissolve after the following milestones have been achieved (note that this is not automatic as the GeoXACML SWG is a persistent SWG):

  • Approval by the SWG membership of a recommendation to submit an OGC Web Services Profile of GeoXACML document to the TC for consideration as an OGC Adopted Standard.
  • Approval by the SWG membership of a recommendation to submit a document to the TC for consideration as a revision of the OpenGIS® GeoXACML Standard deprecating the current version.
  • The OGC Web Services Profile of GeoXACML or a revision of the GeoXACML standard has been approved by the OGC Technical and Planning Committees.
  • The SWG has completed the evaluation, resolution and incorporation of all CRPs submitted prior to the cut-off date into the candidate revision of the standard.
  • Completion of a 30-day public comment period.

4.    Description of deliverables

The initial focus of this SWG will be to develop the following two deliverables:

  1. (Candidate) standard: the OGC Web Service Profile of GeoXACML
  2. Change Request Proposals for GeoXACML's underlying base standards (e.g. OASIS' eXtensible Access Control Markup Language (XACML) Version 2.0 specification, the Hierarchical resource profile of XACML v2.0 and the Multiple resource profile of XACML v2.0).

Other deliverables might result from the work of this SWG, after the two deliverables mentioned above have been completed. The SWG might e.g. continue work on the GeoXACML specification and deliver a candidate for the revision of the OpenGIS® GeoXACML 1.0 Standard for submission to the TC.

The schedule of activities will be documented on the Twiki pages of this SWG and shall be updated by the SWG after every TC meeting. The current plan is to submit a candidate of the OGC Web Services Profile of GeoXACML as soon as possible, ideally before the December 2009 TC meeting. The coordination work between the GeoXACML SWG and the OASIS XACML WG can start as soon as the organizational frame (within the OGC and between the OGC and OASIS) is established.

5.    IPR Policy for this SWG

RAND-Royalty Free.

6.    Anticipated Participants

The targeted participants of the GeoXACML SWG are those involved in the design, development, implementation, or use of GeoXACML- or XACML-based access control systems for (OGC) Web Services, as well as spatial content providers, traders or users and prospective GeoXACML users. This includes participants of OGC standards working groups that develop and maintain OGC standards which can be secured by GeoXACML or which reference GeoXACML.

7.    Other informative information about the work of this SWG


a. Similar or applicable standards work (OGC and elsewhere).

  • OASIS' XACML WG - XACML 3.0 and certain profiles of XACML 3.0
  • OGC's OWS Common DWG - OGC Web Service Common specification
  • W3C's XML XPATH and XQuery WG

The SWG will seek and if possible maintain liaison with each of the organizations/WGs maintaining the above works.


b. Details of the first meeting

The first meeting of the SWG will be held as a face-to-face meeting during the June 2009 OGC TC meeting in Boston.

c. Projected on-going meeting schedule

The work of the SWG will be carried out primarily by email, Twiki and conference calls, with face-to-face meetings perhaps at each of the OGC TC meetings.

d. Supporters of the Proposal

The following people support this proposal and are committed to the Charter and projected meeting schedule. These members are known as SWG Founding or Charter members. Once the SWG is officially activated, this group is immediately "opted into" the SWG and has voting rights from the first day the SWG is officially formed. Extend the table as necessary.

 

Name               Organization
-----------------  ---------------------------------------
Jan Herrmann       Technische Universität München
Andreas Matheus    Universität der Bundeswehr München
Cristian Opincaru  Secure Dimensions GmbH
Martin Kyle        Sierra Systems, Inc.
Ron Lake           Galdos Systems, Inc.
David Burggraf     Galdos Systems, Inc.
David Wesloh       National Geospatial-Intelligence Agency

 
e. Convener(s)

Jan Herrmann, Technische Universität München.