Web Service Security Method To SOA Development

Web services provide significant new benefits for SOA-based applications, but they also expose significant new security risks. There is a huge number of WS security standards and processes. At present, there is still no comprehensive approach that offers methodical guidance for the development of secure WS-based SOA. The main objective of this paper is therefore to address this need by presenting a comprehensive method for guaranteeing Web Services Security in SOA. The proposed method defines three stages: Initial Security Analysis, Architectural Security Guaranty and WS Security Standards Identification. These facilitate, respectively, the definition and analysis of WS-specific security requirements, the development of a WS-based security architecture, and the identification of the related WS security standards that the security architecture must articulate in order to implement the security services.
