Methodology and Tools for End-to-End SOA Security Configurations

Satoh, Fumiko; Nakamura, Yūichi; Mukhi, Nirmal; Tatsubori, Michiaki; Ono, K.

doi:10.1109/services-1.2008.82

Cited by 24 publications

(17 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Sometimes security is added at the time of integration of distributed applications. SOA applications are coupled over various protocols and network technologies, just adding security to software applications is not a realistic approach [6,22] because all the required security information is not available at the downstream phases [6,23]. This approach degrades implementing and maintaining the security of the system [24].…”

Section: Security Is Not Unified With Software Engineering Processmentioning

confidence: 99%

Security Problems of SOA Applications

Saleem¹

2017

IJSIA

View full text Add to dashboard Cite

show abstract

Section: Security Is Not Unified With Software Engineering Processmentioning

confidence: 99%

Security Problems of SOA Applications

Saleem¹

2017

IJSIA

View full text Add to dashboard Cite

show abstract

“…A methodology for an end to end SOA security configuration in proposed by [18]. The approach is model-driven, and makes use of templates to express identified security patterns, initially added as abstract keywords that represent security requirements at business level, and then at a service model level.…”

Section: Related Workmentioning

confidence: 99%

“…The SIM, although closer to topology modeling, fulfills an equivalent functionality to that of the WS-SecurityPolicy platform model in this work. Our approach and the one in [18] differ in that the latter is limited to security, and in, perhaps, the greatest strength in this proposal: the use of sepárate concern models to address each non-functional characteristic, a feature that aids reuse and modularity of design and implementation.…”

Section: Related Workmentioning

confidence: 99%

Domain-Specific Multi-modeling of Security Concerns in Service-Oriented Architectures

Gallino

Miguel

Briones

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. As a common reference for many in-development standards and execution frameworks, special attention is being paid to ServiceOriented Architectures. SOAs modeling, however, is an área in which a consensus has not being achieved. Currently, standardization organizations are defining proposals to offer a solution to this problem. Nevertheless, until very recently, non-functional aspects of services have not been considered for standardization processes. In particular, there exists a lack of a design solution that permits an independent development of the functional and non-functional concerns of SOAs, allowing that each concern be addressed in a convenient manner in early stages of the development, in a way that could guarantee the quality of this type of systems. This paper, leveraging on previous work, presents an approach to intégrate security-related non-functional aspects (such as confidentiality, integrity, and access control) in the development of services.

show abstract

“…It offers routing services to navigate the requests to the relevant service provider based on a routing path specification. Routing may be [6] itinerary-based, content-based, conditional-based defined manually [45] or dynamic [51]. In both cases the drawback is the minimal support for considering all functional and non-functional requirements of all service connections in the system.…”

Section: Technical Integrationmentioning

confidence: 99%

Semantic Service Matchmaking in the ATM Domain Considering Infrastructure Capability Constraints

Moser

Mordinyi

Sunindyo

et al. 2010

Canadian Semantic Web

View full text Add to dashboard Cite

In a service-oriented environment business processes flexibly build on software services provided by systems in a network. A key design challenge is the semantic matchmaking of business processes and software services in two steps: 1. Find for one business process the software services that meet or exceed the BP requirements; 2. Find for all business processes the software services that can be implemented within the capability constraints of the underlying network, which poses a major problem since even for small scenarios the solution space is typically very large. In this chapter we analyze requirements from mission-critical business processes in the Air Traffic Management (ATM) domain and introduce an approach for semi-automatic semantic matchmaking for software services, the "System-Wide Information Sharing" (SWIS) business process integration framework. A tool-supported semantic matchmaking process like SWIS can provide system designers and integrators with a set of promising software service candidates and therefore strongly reduces the human matching effort by focusing on a much smaller space of matchmaking candidates. We evaluate the feasibility of the SWIS approach in an industry use case from the ATM domain.

show abstract

Methodology and Tools for End-to-End SOA Security Configurations

Cited by 24 publications

References 11 publications

Security Problems of SOA Applications

Security Problems of SOA Applications

Domain-Specific Multi-modeling of Security Concerns in Service-Oriented Architectures

Semantic Service Matchmaking in the ATM Domain Considering Infrastructure Capability Constraints

Contact Info

Product

Resources

About