68 The goal of the OSS Initiative 52°North's Working Group Security is to develop an access control system for spatial data infrastructures. This system allows data providers to regulate access to non-public data and services without changing the standardized service interfaces or client applications. It may be used to customize service supply, for example provide different views of the same service or data depending on the user. The Web Authentication Service (WAS) makes up the first part of access control to GI services. Upon successful authentication, a WAS issues a ticket to the user which verifies his or her identity during the interaction with a secured OGC Web Service. Such an authentication may take place using different authentication methods, like for instance the password based authentication. The Web Security Service (WSS) constitutes the heart of our security infrastructure. This web service acts as a gateway to an access protected OGC Web Service (OWS), e.g. Web Mapping Service. The WSS prompts a user to authenticate before any request is analyzed and forwarded to the OWS. If the user provides a valid ticket from a trusted Web Authentication Service, the WSS checks whether or nor a request is an authorized request by querying the appropriate user rights. If a request is authorized, the WSS forwards it to the secured OWS and returns the respective response to the user. Access to controlled services via arbitrary desktop applications which support access to Web Mapping Services (e.g. ESRI ArcMap) is provided for by a Web Security Client (WSC). The 52°North Web Security System may be used to customize service supply, for example provide different views of the same service or data depending on the user. This presentation will give an overview of the access control system's software components which are being developed within 52°North's Working Group Security. In addition to presenting the current state of the software developments, the presentation will outline the Working Group's future plans and report on the first lessons learned as a relatively young open source software engineering unit. FOSS4G2006 - Free And Open Source Software for Geoinformatics Session 2 : SDI-OGC-Security Jan Drewnak drewnak@52north.org Martin May may@52north.org Martin May may@52north.org SDI-SECURITY