Methodology and Tools for End-to-End SOA Security Configurations
- 1 July 2008
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2008 IEEE Congress on Services - Part I
Abstract
The configuration of non-functional requirements, such as security, has become important for SOA applications, but the configuration process has not been discussed comprehensively. In current development processes, the security requirements are not considered in upstream phases, and a developer at a downstream phase is responsible for writing the security configuration. However, configuring security requirements properly is quite difficult for developers because SOA security is cross-domain and not all of the required information is available in the downstream phase. To resolve this problem, we clarify how to configure security in the SOA application development process, and define the developer's roles in each phase. Additionally, supporting technologies to generate security configurations are proposed: Model-Driven Security and Pattern-based Policy Configuration. Our contribution is proposing a methodology for end-to-end security configuration for SOA applications and tools for generating detailed security configurations from the requirements specified in upstream phases through model transformations, making it possible to configure security properly without increasing developers' workloads.