DESIGN SECURITY AND GEO-RIGHTS MANAGEMENT SERVICES IN SPATIAL DATA INFRASTRUCTURE Tomasz Kubik 1 , Witold Paluszyński 1 , Bartosz Kopańczyk 2 , Adam Iwaniak 3 , Paweł Netzel 4 1 Institute of Computer Engineering, Control and Robotics, Wroclaw University of Technology, Janiszewskiego 11/17, Wroclaw, Poland 2 GeoScope, Inc., Wrocław, Poland, 3 Institute of Geodesy and Geoinformatics,Wroclaw University of Environmental and Life Sciences, Norwida 25/27, Wroclaw 50-375, Poland 4Institute of Geography and Regional Development, University of Wrocław, Poland, e-mail: {tomasz.kubik|witold.paluszynski}@pwr.wroc.pl, bartek.kopanczyk@gmail.com, iwaniak@ar.wroc.pl, netzel@meteo.uni.wroc.pl Abstract Service-oriented architecture (SOA) is a concept of services, architecture and infrastructure that is being widely adopted in a geospatial information domain. It provides foundation for searching, obtaining and viewing spatial information in a distributed environment. The key actors on the scene are service providers and service consumers interacting remotely trough the Internet via HTTP protocol. However, because of open nature and features (such as service bus, service composition, and service virtualization) SOA adoption requires radical changes in the way the information resources are being developed and managed. The needs of setting up a new set of security requirements becomes substantial. Numerous studies on the security subject have been conducted in the IT domain. They resulted with security standards propositions which vary in degree of completion and commercialization, and even occasionally compete. The deficiencies in the open standards definitions are sometimes covered by the proprietary solutions implemented by the security software vendors, but they are related to the vendor technology and distributed on a commercial bases. Regarding geospatial information the research on securing data and services has not been finalized yet. Most recent spatial data infrastructure implementations follows the SOA paradigm and open standards defined by the OGC, ISO and INSPIRE. These standards include specification of GeoDRM architecture (digital rights management) and GeoREL (rights expression language, ISO/CD 19149) for geographic information. The article touches the problem of securing geospatial data and web services focusing on architecture of authorization services based on open standards and technologies. A special attention was given to the access protection to the OGC Web Mapping Services layers and other OGC Web Services. As a result some architecture scenarios were introduced and discussed together with the uniform supervised access mechanism to the functionality of the system components. Some security issues and solutions were