SeAAS - A Reference Architecture for Security Services in SOA
2009
Decentralized security models and distributed infrastructures of scenarios based on Service Oriented Architectures make the enforcement of security policies a key challenge - all the more so for business processes spanning over multiple enterprises. The current practice to im- plement security functionality exclusively at the endpoint places a significant processing burden on the endpoint, renders maintenance and management of the distributed security infrastructures cumbersome, and impedes interoperability with external service requesters. To meet these chal- lenges, we propose a reference security architecture that transposes the model of Software as a Service to the security domain and thereby realizes Security as a Service (SeAAS). The proposed architecture goes beyond the mere bundling of security functionality within one security domain. We illustrate the concepts of SeAAS at work with the requirement of fair non-repudiation. The architecture complements the SECTET framework for model-driven security engineering. 1
Keywords:
- Sherwood Applied Business Security Architecture
- Computer security model
- Security through obscurity
- Computer science
- Security convergence
- Security information and event management
- Distributed System Security Architecture
- Computer security
- Security as a service
- Security service
- Software engineering
- Cloud computing security
- Security testing
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
26
References
29
Citations
NaN
KQI