For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Web Services-Based Security Requirement Elicitation
Carlos GUTIERREZ Eduardo FERNANDEZ-MEDINA Mario PIATTINI
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2007/09/01
Online ISSN: 1745-1361
Print ISSN: 0916-8532
Type of Manuscript: PAPER
Category: Software Engineering
software engineering, design methodology, software process, application information security,
Full Text: PDF>>
Web services (WS, hereafter) paradigm has attained such a relevance in both the academic and the industry world that the vision of the Internet has evolved from being considered as a mere repository of data to become the underlying infrastructure on which organizations' strategic business operations are being deployed . Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of the Internet, like IETF, W3C or OASIS, have produced a huge number of WS-based security standards. Despite this spectacular growth, a development process that facilitates the systematic integration of security into all subprocesses of WS-based software development life-cycle does not exist. Eventually, this process should guide WS-based software developers in the specification of WS-based security requirements, the design of WS-based security architectures, and the deployment of the most suitable WS security standards. In this article, we will briefly present a process of this type, named PWSSec (Process for Web Services Security), and the artifacts used during the elicitation activity, which belongs to the subprocess WSSecReq aimed at producing a WS-based security requirement specification.