No Security Considerations for SensorML #108
Assignees
Labels
ready
Was discussed during a telecon and a decision was made
Comments
|
Discussed during 01/09 telecon. Will add two things in the "Security Considerations" section: Encryption: "Implementations of this Standard may also store confidential or sensitive data (e.g. in a database) for extended periods of time. In this case, encryption at rest is also recommended, especially if data is hosted on a shared infrastructure (e.g. public clouds)." + also recommend encryption in transit Also refer to the securityConstraints property as the place to tag the document with security constraints (e.g. military classification). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This public comment is respectfully submitted by the Web Service Technical Panel (WSTP) of the Defence Geospatial Information Working Group (DGIWG). This comment is specifically directed toward 23-000 OGC SENSORML ENCODING STANDARD. The Security Considerations section states there are no security considerations, one risk is that data is tampered with (at rest / in transit) – should this be a consideration (perhaps with others) for this section? There is a later hint of the ability to have access restrictions (page 54), however, this is not mentioned early on in the document.
The text was updated successfully, but these errors were encountered: