IRIS Institutional Research Information System - AIR Archivio Istituzionale della Ricerca

The increasing success of Service-Oriented Architecture (SOA) paradigm has fostered the implementation of complex services, including business processes, via dynamic selection and composition of remote services providing single functionality. Run-time selection and composition of services require the deployment of high-level security standards for the SOA infrastructure, to increase the confidence of both service consumers and providers that the services satisfy their security requirements and behave as expected. In this context, certification can play a fundamental role and provide the evidence that a set of properties hold for a given service. Security certification of services can involve two different aspects: i) the evaluation of the container in which the service is deployed, in terms of compliance with web service security standards and policies; ii) the verification and validation of the service implementation. In this chapter, we focus on the first aspect and we propose an overview of container-level certification of services.

Container-level security certification of services / M. Anisetti, C.A. Ardagna, E. Damiani - In: Business system management and engineering : from open issues to applications / [a cura di] C.A. Ardagna, E. Damiani, L.A. Maciaszek, M. Missikoff, M. Parkin. - Heidelberg : Springer, 2012. - ISBN 9783642324383. - pp. 93-108 [10.1007/978-3-642-32439-0_6]

Container-level security certification of services

M. Anisetti
Primo
;C.A. Ardagna
Secondo
;E. Damiani
Ultimo
2012

Abstract

The increasing success of Service-Oriented Architecture (SOA) paradigm has fostered the implementation of complex services, including business processes, via dynamic selection and composition of remote services providing single functionality. Run-time selection and composition of services require the deployment of high-level security standards for the SOA infrastructure, to increase the confidence of both service consumers and providers that the services satisfy their security requirements and behave as expected. In this context, certification can play a fundamental role and provide the evidence that a set of properties hold for a given service. Security certification of services can involve two different aspects: i) the evaluation of the container in which the service is deployed, in terms of compliance with web service security standards and policies; ii) the verification and validation of the service implementation. In this chapter, we focus on the first aspect and we propose an overview of container-level certification of services.
Settore INF/01 - Informatica
   Advanced Security Service cERTificate for SOA
   ASSERT4SOA
   EUROPEAN COMMISSION
   FP7
   257351
2012
Book Part (author)
03 - Contributo in volume
File in questo prodotto:
File Dimensione Formato  
AAD.BSME.pdf

accesso solo dalla rete interna

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione 208.98 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
208.98 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/203802
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? ND
social impact