ASSERT4SOA: toward security certification of service-oriented applications
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems
A test-based security certification scheme for web services
ACM Transactions on the Web (TWEB)
| Hi-index | 0.00 |
Certifying the security and dependability properties of individual web services or of entire business processes hosted on a Service Oriented Architecture (SOA) is a major challenge of SOA research. It is widely recognized that the unique features of WS/SOA require new security assessment approaches, including novel service testing and process monitoring techniques. In this talk, we discuss a framework for certifying the security and dependability properties of web-services and of SOA-based properties, introducing a third party certifier as a trusted authority. Our certifications are run-time negotiable XML data items based on signed test cases and formal proofs and operate at different level of granularity, providing a sound basis for run-time service selection and process orchestration decisions.