Web Services-Based Security Requirement Elicitation

Carlos GUTIERREZ  Eduardo FERNANDEZ-MEDINA  Mario PIATTINI  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E90-D   No.9   pp.1374-1387
Publication Date: 2007/09/01
Online ISSN: 1745-1361
DOI: 10.1093/ietisy/e90-d.9.1374
Print ISSN: 0916-8532
Type of Manuscript: PAPER
Category: Software Engineering
Keyword: 
software engineering,  design methodology,  software process,  application information security,  

Full Text: PDF>>
Buy this Article




Summary: 
Web services (WS, hereafter) paradigm has attained such a relevance in both the academic and the industry world that the vision of the Internet has evolved from being considered as a mere repository of data to become the underlying infrastructure on which organizations' strategic business operations are being deployed [1]. Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of the Internet, like IETF, W3C or OASIS, have produced a huge number of WS-based security standards. Despite this spectacular growth, a development process that facilitates the systematic integration of security into all subprocesses of WS-based software development life-cycle does not exist. Eventually, this process should guide WS-based software developers in the specification of WS-based security requirements, the design of WS-based security architectures, and the deployment of the most suitable WS security standards. In this article, we will briefly present a process of this type, named PWSSec (Process for Web Services Security), and the artifacts used during the elicitation activity, which belongs to the subprocess WSSecReq aimed at producing a WS-based security requirement specification.