SeAAS - A Reference Architecture for Security Services in SOA
Michael Hafner (University of Innsbruck, Austria)
Mukhtiar Memon (University of Innsbruck, Austria)
Ruth Breu (University of Innsbruck, Austria)
Abstract: Decentralized security models and distributed infrastructures of scenarios based onService Oriented Architectures make the enforcement of security policies a key challenge - all the more so for business processes spanning over multiple enterprises. The current practice to im-plement security functionality exclusively at the endpoint places a significant processing burden on the endpoint, renders maintenance and management of the distributed security infrastructurescumbersome, and impedes interoperability with external service requesters. To meet these challenges, we propose a reference security architecture that transposes the model of Software as aService to the security domain and thereby realizes Security as a Service (SeAAS). The proposed architecture goes beyond the mere bundling of security functionality within one security domain.We illustrate the concepts of SeAAS at work with the requirement of fair non-repudiation. The architecture complements the SECTET framework for model-driven security engineering.
Keywords: security as a service, security requirements, service oriented architecture
Categories: D.2.10, D.2.11
|
