Security Controls Applied to Web Service Architectures

8 years 3 months ago
Security Controls Applied to Web Service Architectures
Security certification assesses the security posture of a software system to verify its compliance with diverse, pre-specified security controls identified by guidelines from NIST and the US Department of Defense. Service-oriented architectures (SOA) are difficult to certify because they require compliance verification over a mix of local, global, and interaction criteria dictated by the policies of the participating services and SOA governance. Web services further contribute to this difficulty because they lack direct methods to express security controls. Besides being understandable, the method of expression should indicate potential problems complying with chosen services. This paper presents a method for configuring of web service standards to enforce security requirements on service interaction specification documents within a SOA. The outcome serves as a mechanism to direct the population of constraints derived from security controls within standards specification documents, su...
Robert Baird, Rose F. Gamble
Added 14 Feb 2011
Updated 14 Feb 2011
Type Journal
Year 2010
Where SEDE
Authors Robert Baird, Rose F. Gamble
Comments (0)