Web Services-Based Security Requirement Elicitation
Summary :
Web services (WS, hereafter) paradigm has attained such a relevance in both the academic and the industry world that the vision of the Internet has evolved from being considered as a mere repository of data to become the underlying infrastructure on which organizations' strategic business operations are being deployed [1]. Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of the Internet, like IETF, W3C or OASIS, have produced a huge number of WS-based security standards. Despite this spectacular growth, a development process that facilitates the systematic integration of security into all subprocesses of WS-based software development life-cycle does not exist. Eventually, this process should guide WS-based software developers in the specification of WS-based security requirements, the design of WS-based security architectures, and the deployment of the most suitable WS security standards. In this article, we will briefly present a process of this type, named PWSSec (Process for Web Services Security), and the artifacts used during the elicitation activity, which belongs to the subprocess WSSecReq aimed at producing a WS-based security requirement specification.
- Publication
- IEICE TRANSACTIONS on Information Vol.E90-D No.9 pp.1374-1387
- Publication Date
- 2007/09/01
- Publicized
- Online ISSN
- 1745-1361
- DOI
- 10.1093/ietisy/e90-d.9.1374
- Type of Manuscript
- PAPER
- Category
- Software Engineering
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Carlos GUTIERREZ, Eduardo FERNANDEZ-MEDINA, Mario PIATTINI, "Web Services-Based Security Requirement Elicitation" in IEICE TRANSACTIONS on Information,
vol. E90-D, no. 9, pp. 1374-1387, September 2007, doi: 10.1093/ietisy/e90-d.9.1374.
Abstract: Web services (WS, hereafter) paradigm has attained such a relevance in both the academic and the industry world that the vision of the Internet has evolved from being considered as a mere repository of data to become the underlying infrastructure on which organizations' strategic business operations are being deployed [1]. Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of the Internet, like IETF, W3C or OASIS, have produced a huge number of WS-based security standards. Despite this spectacular growth, a development process that facilitates the systematic integration of security into all subprocesses of WS-based software development life-cycle does not exist. Eventually, this process should guide WS-based software developers in the specification of WS-based security requirements, the design of WS-based security architectures, and the deployment of the most suitable WS security standards. In this article, we will briefly present a process of this type, named PWSSec (Process for Web Services Security), and the artifacts used during the elicitation activity, which belongs to the subprocess WSSecReq aimed at producing a WS-based security requirement specification.
URL: https://global.ieice.org/en_transactions/information/10.1093/ietisy/e90-d.9.1374/_p
Copy
@ARTICLE{e90-d_9_1374,
author={Carlos GUTIERREZ, Eduardo FERNANDEZ-MEDINA, Mario PIATTINI, },
journal={IEICE TRANSACTIONS on Information},
title={Web Services-Based Security Requirement Elicitation},
year={2007},
volume={E90-D},
number={9},
pages={1374-1387},
abstract={Web services (WS, hereafter) paradigm has attained such a relevance in both the academic and the industry world that the vision of the Internet has evolved from being considered as a mere repository of data to become the underlying infrastructure on which organizations' strategic business operations are being deployed [1]. Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of the Internet, like IETF, W3C or OASIS, have produced a huge number of WS-based security standards. Despite this spectacular growth, a development process that facilitates the systematic integration of security into all subprocesses of WS-based software development life-cycle does not exist. Eventually, this process should guide WS-based software developers in the specification of WS-based security requirements, the design of WS-based security architectures, and the deployment of the most suitable WS security standards. In this article, we will briefly present a process of this type, named PWSSec (Process for Web Services Security), and the artifacts used during the elicitation activity, which belongs to the subprocess WSSecReq aimed at producing a WS-based security requirement specification.},
keywords={},
doi={10.1093/ietisy/e90-d.9.1374},
ISSN={1745-1361},
month={September},}
Copy
TY - JOUR
TI - Web Services-Based Security Requirement Elicitation
T2 - IEICE TRANSACTIONS on Information
SP - 1374
EP - 1387
AU - Carlos GUTIERREZ
AU - Eduardo FERNANDEZ-MEDINA
AU - Mario PIATTINI
PY - 2007
DO - 10.1093/ietisy/e90-d.9.1374
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E90-D
IS - 9
JA - IEICE TRANSACTIONS on Information
Y1 - September 2007
AB - Web services (WS, hereafter) paradigm has attained such a relevance in both the academic and the industry world that the vision of the Internet has evolved from being considered as a mere repository of data to become the underlying infrastructure on which organizations' strategic business operations are being deployed [1]. Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of the Internet, like IETF, W3C or OASIS, have produced a huge number of WS-based security standards. Despite this spectacular growth, a development process that facilitates the systematic integration of security into all subprocesses of WS-based software development life-cycle does not exist. Eventually, this process should guide WS-based software developers in the specification of WS-based security requirements, the design of WS-based security architectures, and the deployment of the most suitable WS security standards. In this article, we will briefly present a process of this type, named PWSSec (Process for Web Services Security), and the artifacts used during the elicitation activity, which belongs to the subprocess WSSecReq aimed at producing a WS-based security requirement specification.
ER -
English
