Security Engineering for Service-Oriented Architectures (eBook) von Michael Hafner

The Basics of SOA Security Engineering.- SOA Standards& Technology.- Basic Concepts of SOA Security.- Domain Architectures.- Realizing SOA Security.- Sectino A Motivating Case Study from E-Government.- Security Analysis.- Modeling Security Critical SOA Applications.- Enforcing Security with the Sectet Reference Architecture.- Model Transformation& Code Generation.- Software& Security Management.- Extending Sectet: Advanced Security Policy Modeling.- A Case Study from Healthcare.- health@net A Case Study from Healthcare.

The growing popularity of Service Oriented Architectures is mainly due to business and technology trendsthat have crystallized over thepast decade. On the business side, companies struggle to survive in a competitive - vironment that pushes them towards a tighter integration into an industrys value chain, to outsource non core business operations or to constantly- engineer business processes. These challenges boosted the demand for sc- able IT-solutions, with e?orts ultimately resulting in a ?exible architectural paradigm Service Oriented Architectures. On the technical side, middleware standards, technologies and archit- turesbasedonXMLand Webservicesaswellastheirsecurityextensionshave matured to a sound technology base that guarantees interoperability across enterprise and application boundaries a prerequisite to inter-organizational applications and work?ows. While the principles and concepts of Service Oriented Architectures may lookevidentandcogentfromaconceptualperspective,therealizationofint- organizational work?ows and applications based on the paradigm Service Oriented Architecture remains a complex task, and, all the more when it comes to security, the implementation is still bound to low-level technical knowledgeandhence error-prone. The number of books and publications o?ering implementation-level c- erageofthetechnologies,standardsandspeci?cationsasrequiredbytechnical developers lookingfor guidance on how toaddsecurity to service oriented solutions based on Web services and XML technology is already considerable and ever growing. The present book sets a di?erent focus. Based on the p- adigmof Model Driven Security, it shows how to systematically designand realize security-critical applications for Service Oriented Architectures.

Ruth Breu has been head of the research group Quality Engineering at the University of Innsbruck since 2002. Prior to that, she was a researcher at the Technische Universität München and Universität Passau, and spent several years in industry working as a software engineering consultant. Quality Engineering focuses on foundations of model-based software development, in particular in the areas of security engineering, IT governance, model quality assessment and workflow management systems. The research group cooperates with industry partners such as Siemens, Swiss Re and Telekom Austria.

Michael Hafner gained his industry experience in the automotive and the telecommunications sectors as a technical consultant on systems integration with Deloitte Consulting before joining the Quality Engineering group as a researcher. In this group he has been responsible for the design and the realization of the SECTET framework, a model-driven security infrastructure for SOA applications.