JUCS - Journal of Universal Computer Science 15(15): 2916-2936, doi: 10.3217/jucs-015-15-2916
SeAAS - A Reference Architecture for Security Services in SOA
expand article infoMichael Hafner, Mukhtiar Memon, Ruth Breu
‡ University of Innsbruck, Innsbruck, Austria
Open Access
Decentralized security models and distributed infrastructures of scenarios based onService Oriented Architectures make the enforcement of security policies a key challenge - all the more so for business processes spanning over multiple enterprises. The current practice to im-plement security functionality exclusively at the endpoint places a significant processing burden on the endpoint, renders maintenance and management of the distributed security infrastructurescumbersome, and impedes interoperability with external service requesters. To meet these challenges, we propose a reference security architecture that transposes the model of Software as aService to the security domain and thereby realizes Security as a Service (SeAAS). The proposed architecture goes beyond the mere bundling of security functionality within one security domain.We illustrate the concepts of SeAAS at work with the requirement of fair non-repudiation. The architecture complements the SECTET framework for model-driven security engineering.
security as a service, service oriented architecture, security requirements