WAS, WSS and WSC

WAS, WSS and WSC.Web* are the core components of the security infrastructure we implement in the 52N Security Community.

• WAS (Web Authentication Service): Authenticate users and return a SAML ticket
• WSS (Web Security Service): Restrict access to your OGC Web Service
• WSC.Web (Web Security Client for the Web): Easy access to protected services from anywhere

Deploying these components in their current versions will enable you to

• authenticate users by means of username and passoword based on user information stored in an XML file
• protect layers of OGC Web Mapping Services from unauthorized access, including simple spatial restricions for GetFeatureInfo requests
• access protected service with any standard WMS client

Flexibility

The service implementations provide for extensibility, so it is easy to implement new authentication methods (beyond username/password) or authorization capabilities (beyond access to WMS layers)

Our Prospect

Of course, just implementing these services is not satisfactory for us. We are also working on new concepts to move the security infrastructure forward. Just a few keywords:

• Interface development: We started to adopt OASIS WS-S (and thus SOAP) interfaces to support mainstream IT Web Services Security standards.
• Standardization: We were engaged in the OGC including OWS-3 and OWS-4 testbeds and provide prototype implementations of newly sepcified services
• Licensing: We started to implement components that provide access to services depending on licenses and can be used to negotiate licenses between service provider and client (or better: customer). Imagine a customer who has to accept a creative commons-like license before she can access a service.

* The services WAS and WSS are based on specifications developed by the GDI NRW initiative already in 2002