Go home now Header Background Image
Submission Procedure
share: |
Follow us
Volume 15 / Issue 15

available in:   PDF (422 kB) PS (642 kB)
Similar Docs BibTeX   Write a comment
Links into Future
DOI:   10.3217/jucs-015-15-2916


SeAAS - A Reference Architecture for Security Services in SOA

Michael Hafner (University of Innsbruck, Austria)

Mukhtiar Memon (University of Innsbruck, Austria)

Ruth Breu (University of Innsbruck, Austria)

Abstract: Decentralized security models and distributed infrastructures of scenarios based onService Oriented Architectures make the enforcement of security policies a key challenge - all the more so for business processes spanning over multiple enterprises. The current practice to im-plement security functionality exclusively at the endpoint places a significant processing burden on the endpoint, renders maintenance and management of the distributed security infrastructurescumbersome, and impedes interoperability with external service requesters. To meet these challenges, we propose a reference security architecture that transposes the model of Software as aService to the security domain and thereby realizes Security as a Service (SeAAS). The proposed architecture goes beyond the mere bundling of security functionality within one security domain.We illustrate the concepts of SeAAS at work with the requirement of fair non-repudiation. The architecture complements the SECTET framework for model-driven security engineering.

Keywords: security as a service, security requirements, service oriented architecture

Categories: D.2.10, D.2.11