The WFS response for a GetFeature operation is a FeatureCollection, which can be encoded in XML. For an XML encoded response, it is common practise that the WFS DescribeFeature operation is used to reference to the schema fragment that defines the features types included in the feature collection. As this schema portion is required to validate the XML document, it is problematic if the service endpoint is protected and so the DescribeFeatureType operation. In this case, it is recommended to use a URL that is fully comprised with security relevant information to enable the XML parser to gain access to the schema fragment. One approach could be to issue an OAuth access token with a short lifetime and attach that to the URL for obtaining the schema fragment that defines the involved feature types. In the case where the DescribeFeatureType operation is protected by HTTP Basic Authentication for example, the client implementation must add the proper user credentials with the request, which is difficult to implement in a safe way without exploiting the user credentials. Ergo, a non solution would be to create a DescribeFeatureType URL inside the FeatureCollection XML of the structure http://<user>:<password>&#64;<host>/DescribeFeatureType? ...