About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
WWW 2005
Conference paper
Web services security configuration in a service-oriented architecture
Abstract
Security is one of the major concerns when developing mission-critical business applications, and this concern motivated the Web Services Security specifications. However, the existing tools to configure the security properties of Web Services give a technology-oriented view; only assisting in choosing data to encrypt and the encryption algorithms to use. A user must manually bridge the gap between the security requirements and the configuration, which could cause extra configuration costs and lead to potential misconfiguration hazards. To ease this situation, we came up with refining security requirements from business to technology, leveraging the concepts of Service-Oriented Architecture (SOA) and Model-Driven Architecture (MDA). Security requirements are gradually transformed to more detailed ones or countermeasures by bridging the gap between them by using best practice patterns.