[[implementation]] == Compusult WIS implementation details === Web Integration Service endpoint The WIS endpoint consists of a WIS servlet endpoint, capabilities harvester, and database cache. To allow flexibility in the content returned by the WIS, the GetCapabilities response is generated on demand from a list of services. The list of service endpoints known to the WIS is specified in an administrator-configurable property. The WIS invokes a capabilities harvester to retrieves the capabilities for each known service. Metadata parsed from the capabilities responses are timestamped and cached in a database table. The timestamp is used by the WIS to decide whether to use the cached metadata or retrieve a fresh capabilities response. The WIS cache also records security information for each service. For the purposes of Testbed 12, the security information simply indicates whether or not the service is exposed in the WIS public capabilities. This could be extended in the future to accommodate additional security restrictions. === Security Compusult's WIS endpoint has been implemented as a component of Web Enterprise Suite (WES). Access to the WIS endpoint is controlled by WES, requiring authentication via HTTP Basic Auth or PKI client certificate. In addition to the regular service endpoint, the WIS implementation exposes a publicly-accessible capabilities URL that advertises security annotations as described by OGC 16-048 (OWS Common Security Extension ER). An unresolved issue is how to reconcile security restrictions for the WIS, its contents, and the catalog. In an operational scenario, the WIS and catalog could have separate authentication credentials. Each service in a WIS could have its own security constraints. Catalog publishing clients will need to be aware of this and handle authentication for each service appropriately. Additionally, a catalog containing anything other than public data will need to enforce security restrictions on the published records. Compusult's WIS implementation deals with these issues in the following manner: * With respect to visibility, each service is treated as simply either public or non-public. * When publishing to the catalog, the same authentication credentials are used for both the catalog and the WIS. * The public capabilities endpoints are used when publishing services to the catalog.