opengeospatial / ideas

Public repository for Innovation Program Ideas

OWS common security (client) validators #21

Closed fterpstra closed 6 years ago

fterpstra commented 7 years ago

The hardest part in getting interoperable security to work for OGC services is support in client software. In Testbed 13 multiple clients with security support are being developed to pave the way for better support. The logical next step is a validator that can test if client software has correctly implemented OWS Common security. The importance is not just for support of authentication methods such as SAML or openid-connect/OAuth. It is especially useful for HTTPS support. Many organizations are making the switch from HTTP to HTTPS and with OWS common security it will be officially supported by OGC. Even such a simple switch can lead to many interoperability problems. Because in the past OGC never mandated HTTPS support, many clients have not implemented it. Therefore a good validator for HTTPS support could prove very valuable. Also supporting modern security methods such as SAML and openid-connect/OAuth could give these a boost as well when a validator for them is available at the same time as an HTTPS validator. This validator could either be an extension to current OGC validators (at least one already does client validation for WMS) or an entirely new validator. Apparently the current OGC validators do not work well with HTTPS but this should be investigated further.

ingosimonis commented 6 years ago

Thank you, we address this topic in Testbed-14.