Title :
SOABSE: An approach to realizing business-oriented security requirements with Web Service security policies
Author :
Phan, Tan ; Han, Jun ; Mueller, Ingo ; Kapuruge, Malinda ; Versteeg, Steve
Author_Institution :
Fac. of ICT, Swinburne Univ. of Technol., Melbourne, VIC, Australia
Abstract :
A critical issue in developing Web Service-based business applications is the realization of business-level security requirements with system-level security mechanisms using the WS-* standards. Current practice has primarily relied on the engineer's experience and lacks consistency and methodological support. This paper introduces an approach to Web Services security engineering called SOABSE, which systematically models, designs and implements security for a WS-based application from a given set of business-oriented security requirements. It includes 1) a stepwise process that systematically transforms business-level security requirements into system-level WS-* security policies, and relies on 2) a security realization model that maps business-level security objectives to WS-* security realization mechanisms and 3) a security deployment model that sets out the security-oriented Web Service deployment information. A prototype tool supporting the approach is also introduced.
Keywords :
Web services; business process re-engineering; security of data; software architecture; WS-* standards; Web service security policies; business-level security requirements; business-oriented security requirements; security-oriented Web service deployment information; system-level WS-* security realization mechanisms; Australia; Design engineering; Information security; Law; Legal factors; Performance evaluation; Prototypes; Service oriented architecture; Standards development; Web services; WS-Security; security attributes; security models;
Conference_Title :
Service-Oriented Computing and Applications (SOCA), 2009 IEEE International Conference on
Conference_Location :
Taipei
Print_ISBN :
978-1-4244-5300-9
DOI :
10.1109/SOCA.2009.5410258