exporting layers to OGC interfaces

[Daniel Morissette]

Bart van den Eijnden (OSGIS) wrote:
> Hi list,
> 
> I think there has been talk about this for several years now.
> 
> Currently there is no way to keep a LAYER from appearing in the
> GetCapabilities output from a OGC service.
> 

Yup, at least bugs 300 and 337 have discussed that:

http://mapserver.gis.umn.edu/bugs/show_bug.cgi?id=337
http://mapserver.gis.umn.edu/bugs/show_bug.cgi?id=300

Using an ows_export metadata as you suggest is another possibility.

> I think it was suggested in the past to adapt the DUMP keyword for this.
> 
> How about using a METADATA tag called ows_export which would have the
> following possible values:
> 
> 1. all
> 2. wms
> 3. wfs
> 4. wcs
> 5. sos
> 
> or any combination of 2-5. The default value would be all, i.e. the current
> behaviour.
> 

I think it should be possible to set ows_export at the top-level in the 
mapfile in which case the value would apply to all layers unless 
ows_export is set explicitly for some layers in which case the 
ows_export set in the layer takes precedence. This would allow setting a 
single ows_export value per mapfile in most cases.

Also, the default should be NONE. So if ows_export is not set in a 
mapfile then nothing is made available via OGC services... this would be 
a new behavior in MapServer 5.0 and would prevent accidental publication 
of data by those not aware of what OGC services are.


> The only thing which needs adapting then is checking for the value of
> ows_export in the GetCapabilities output code (for all of the OGC services
> that Mapserver supports) or not?
> 

It's not enough to check ows_export in GetCapabilities, we need to check 
the value for every request type (GetMap, GetFeature, etc.) to prevent 
clients from accessing restricted data by forging URLs manually.

As Frank suggested, it would be good to have a RFC for this.

Daniel
-- 
Daniel Morissette
http://www.mapgears.com/