The increasing success of Service-Oriented Architecture (SOA) paradigm has fostered the implementation of complex services, including business processes, via dynamic selection and composition of remote services providing single functionality. Run-time selection and composition of services require the deployment of high-level security standards for the SOA infrastructure, to increase the confidence of both service consumers and providers that the services satisfy their security requirements and behave as expected. In this context, certification can play a fundamental role and provide the evidence that a set of properties hold for a given service. Security certification of services can involve two different aspects: i) the evaluation of the container in which the service is deployed, in terms of compliance with web service security standards and policies; ii) the verification and validation of the service implementation. In this chapter, we focus on the first aspect and we propose an overview of container-level certification of services.
Container-level security certification of services / M. Anisetti, C.A. Ardagna, E. Damiani - In: Business system management and engineering : from open issues to applications / [a cura di] C.A. Ardagna, E. Damiani, L.A. Maciaszek, M. Missikoff, M. Parkin. - Heidelberg : Springer, 2012. - ISBN 9783642324383. - pp. 93-108 [10.1007/978-3-642-32439-0_6]
Container-level security certification of services
M. AnisettiPrimo
;C.A. ArdagnaSecondo
;E. DamianiUltimo
2012
Abstract
The increasing success of Service-Oriented Architecture (SOA) paradigm has fostered the implementation of complex services, including business processes, via dynamic selection and composition of remote services providing single functionality. Run-time selection and composition of services require the deployment of high-level security standards for the SOA infrastructure, to increase the confidence of both service consumers and providers that the services satisfy their security requirements and behave as expected. In this context, certification can play a fundamental role and provide the evidence that a set of properties hold for a given service. Security certification of services can involve two different aspects: i) the evaluation of the container in which the service is deployed, in terms of compliance with web service security standards and policies; ii) the verification and validation of the service implementation. In this chapter, we focus on the first aspect and we propose an overview of container-level certification of services.File | Dimensione | Formato | |
---|---|---|---|
AAD.BSME.pdf
accesso solo dalla rete interna
Tipologia:
Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione
208.98 kB
Formato
Adobe PDF
|
208.98 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.