Title :
A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures
Author :
Menzel, Michael ; Warschofsky, Robert ; Meinel, Christoph
Author_Institution :
Hasso-Plattner-Inst., Potsdam, Germany
Abstract :
Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm. Moreover, mechanisms are provided to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-SecurityPolicy) that enable the negotiation of these requirements between clients and services. However, the codification of security policies is a difficult and error-prone task due to the complexity of the Web Service specifications. In this paper, we introduce our model-driven approach that facilitates the transformation of architecture models annotated with simple security intentions to security policies. This transformation is driven by security configuration patterns that provide expert knowledge on Web Service security. Therefore, we will introduce a formalised pattern structure and a domain-specific language to specify these patterns.
Keywords :
Web services; formal specification; security of data; software architecture; Web Service security; Web service specification; domain-specific language; formalised pattern structure; model-driven approach; pattern-driven generation; security policy codification; service-oriented architecture; Context; Context modeling; Data models; Security; Service oriented architecture; Unified modeling language;
Conference_Titel :
Web Services (ICWS), 2010 IEEE International Conference on
Conference_Location :
Miami, FL
Print_ISBN :
978-1-4244-8146-0
Electronic_ISBN :
978-0-7695-4128-0
DOI :
10.1109/ICWS.2010.25
