Automatic Transformation of Generic , Validated Business Process Security Models to WS - SecurityPolicy Descriptions
نویسندگان
چکیده
An increasing need for security in SOA applications demands for better support for the management of security in Web-based business processes. Here, the model-driven process development may provide valuable opportunities in terms of maintainability and deployment. Besides modeling and then generating the pure functionality of a process, the consideration of security properties at the level of a process model allows us to derive appropriate Web Service security policies as well. Especially important when dealing with security issues is the need of trust in the deployed processes and the development process as well. In this chapter, the authors discuss the general capabilities and constraints for model-driven security. Furthermore, the authors focus on the automatic transformation of security models into executable security implementations as well as on the validation of the security models to ensure their correctness. Based on the discussion, the authors present a transformation mechanism that automatically derives WS-SecurityPolicy-conformant security policies. Moreover, the chapter presents a validation mechanism for the security model which is based on graphical validation rules. The application of both mechanisms allows the automatic deployment of validated, security-enabled Web Service based business processes.
منابع مشابه
Generating WS-SecurityPolicy Documents via Security Model Transformation
When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL...
متن کاملSemantic Matching of WS-SecurityPolicy Assertions
The lack of semantics in WS-SecurityPolicy (WS-SP) hampers the effectiveness of matching the compatibility between WS-SP assertions. To resolve this problem, we present in this paper a semantic approach for specifying and matching the security assertions. The approach consists in the transformation of WS-SP into an OWL-DL ontology and the definition of a set of semantic relations that can exist...
متن کاملA Framework and Language Support for Dynamic Security Policy in Service-Oriented Architecture
In today’s global network-based environment, where mission-critical applications typically run on highly distributed systems, customers expect reliable, available, and secure services. Supporting security becomes an important issue in service-oriented architecture (SOA). This paper describes how to simultaneously support both dynamic security policies and separation of concerns when developing ...
متن کاملProfiles for conveying the secure communication requirements of Web services
The lack of a single authority in the Grid environment is perhaps the biggest source of security and interoperability challenges faced by Grid systems designers. A strong commitment to meaningful, interoperable security is crucial for fostering Grid adoption and buy-in. The issues of securityinteroperability are twofold: (a) grids require federation of distinct trust and security domains, and (...
متن کاملWS-SecurityPolicy Decision and Enforcement for Web Service Firewalls
A known weakness of Web Services is their vulnerability to Denial of Service attacks exploiting XML processing characteristics. To protect Web Services from these attacks, extended validation of SOAP messages—considering WS-Security and WS-SecurityPolicy—is made. For SOAP security is message oriented, the processing of the security content itself is vulnerable to Denial of Service attacks. Henc...
متن کامل