Communications of the ACM
On specifying security policies for web documents with an XML-based language
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Web Services Security
The 4+1 View Model of Architecture
IEEE Software
Managing Security Policy in a Large Distributed Web Services Environment
COMPSAC '03 Proceedings of the 27th Annual International Conference on Computer Software and Applications
Developing Secure Networked Web-Based Systems Using Model-based Risk Assessment and UMLsec
APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference
Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption
An Approach to Help Select Trustworthy Web Services
CEC-EAST '04 Proceedings of the E-Commerce Technology for Dynamic E-Business, IEEE International Conference
IEEE Internet Computing
Sound development of secure service-based systems
Proceedings of the 2nd international conference on Service oriented computing
Specification and querying of security constraints in the EFSOC framework
Proceedings of the 2nd international conference on Service oriented computing
Trustworthy Web Services: Actions for Now
IT Professional
Model-Driven Security Based on a Web Services Security Architecture
SCC '05 Proceedings of the 2005 IEEE International Conference on Services Computing - Volume 01
An advisor for web services security policies
Proceedings of the 2005 workshop on Secure web services
Web services enterprise security architecture: a case study
Proceedings of the 2005 workshop on Secure web services
PWSSec: Process for Web Services Security
ICWS '06 Proceedings of the IEEE International Conference on Web Services
Extending a Secure System Development Methodology to SOA
DEXA '07 Proceedings of the 18th International Conference on Database and Expert Systems Applications
A pattern-driven security process for SOA applications
Proceedings of the 2008 ACM symposium on Applied computing
Soa: principles of service design
Soa: principles of service design
Security Engineering for Service-Oriented Architectures
Security Engineering for Service-Oriented Architectures
Web service engineering – advancing a new software engineering discipline
ICWE'05 Proceedings of the 5th international conference on Web Engineering
SP 800-95. Guide to Secure Web Services
SP 800-95. Guide to Secure Web Services
| Hi-index | 0.00 |
Best practices currently state that the security requirements and security architectures of distributed software-intensive systems should be based on security risk assessments, which have been designed from security patterns, are implemented in security standards and are tool-supported throughout their development life-cycle. Web service-based information systems uphold inter-enterprise relations through the Internet, and this technology has been revealed as the reference solution with which to implement Service-Oriented Architectures. In this paper, we present the application of the Process for Web Service Security (PWSSec), developed by the authors, to a real web service-based case study. The manner in which security in inter-organizational information systems can be analyzed, designed and implemented by applying PWSSec, which combines a risk analysis and management, along with a security architecture and a standard-based approach, is also shown. We additionally present a tool built to provide support to the PWSSec process.