A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures

Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm. Moreover, mechanisms are provided to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-SecurityPolicy) that enable the negotiation of these requirements between clients and services. However, the codification of security policies is a difficult and error-prone task due to the complexity of the Web Service specifications. In this paper, we introduce our model-driven approach that facilitates the transformation of architecture models annotated with simple security intentions to security policies. This transformation is driven by security configuration patterns that provide expert knowledge on Web Service security. Therefore, we will introduce a formalised pattern structure and a domain-specific language to specify these patterns.