Title :
Security preferences specification and implementation in a service-based workflow
Author :
Ouedraogo, W. Francis ; Biennier, Frédérique ; Salatge, Nicolas
Author_Institution :
LIESP Lab., INSA-Lyon, Villeurbanne, France
Abstract :
The development of web 2.0 increases the call for agile and simple Business process support. SOA (Service oriented Architecture) provides companies with a new model to build their IT applications around their business processes and combine them dynamically and flexibly with the services of partner companies. In this open and distributed context, it is required to implement an appropriate security at each service. So, during the composition of service, it will be good for user to specify the security preference to associate to each service. In this article we describe in a first step, the difficulty of using analytical risk methods such as EBIOS, Mehari and OCTAVE to specify the constraints of security to associate with services. Then we present the SOA and its security component, therefore start the service bus ESB will act as an intermediary between the client and service provider. In a second step, we develop our method that can lead to the specification of security and describe how it would be possible to specify these security constraints during the service composition.
Keywords :
Internet; security of data; software architecture; software prototyping; software reliability; workflow management software; IT applications; agile process support; business process support; partner companies; security preferences specification; service bus ESB; service composition; service oriented architecture; service provider; service-based workflow; web 2.0; Authentication; Authorization; Risk analysis; Service oriented architecture; XML; ESB; Risk analysis; SOA; Security; service composition;
Conference_Titel :
Information Assurance and Security (IAS), 2010 Sixth International Conference on
Conference_Location :
Atlanta, GA
Print_ISBN :
978-1-4244-7407-3
DOI :
10.1109/ISIAS.2010.5604047
