SOABSE: an approach to realizing business-oriented security requirements with web service security policies

Tan Phan, Jun Han, Ingo Mueller, Malinda Kapuruge, Steve Versteeg

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

3 Citations (Scopus)

Abstract

A critical issue in developing Web Service-based business applications is the realization of business-level security requirements with system-level security mechanisms using the WS-* standards. Current practice has primarily relied on the engineer's experience and lacks consistency and methodological support. This paper introduces an approach to Web Services security engineering called SOABSE, which systematically models, designs and implements security for a WS-based application from a given set of business-oriented security requirements. It includes 1) a stepwise process that systematically transforms business-level security requirements into system-level WS-* security policies, and relies on 2) a security realization model that maps business-level security objectives to WS-* security realization mechanisms and 3) a security deployment model that sets out the security-oriented Web Service deployment information. A prototype tool supporting the approach is also introduced.

Original languageEnglish
Title of host publicationIEEE International Conference on Service-Oriented Computing and Applications, SOCA' 09
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages307-316
Number of pages10
ISBN (Print)9781424452996
DOIs
Publication statusPublished - 1 Dec 2009
Externally publishedYes
EventIEEE International Conference on Service-Oriented Computing and Applications, SOCA' 09 - Taipei, Taiwan
Duration: 14 Dec 200915 Dec 2009

Conference

ConferenceIEEE International Conference on Service-Oriented Computing and Applications, SOCA' 09
CountryTaiwan
CityTaipei
Period14/12/0915/12/09

Keywords

  • Security attributes
  • Security models
  • WS-Security

Cite this