A unified framework for security visualization and enforcement in business process driven environments

Abstract

Service-oriented architecture offers a promising approach for supporting interoperability and flexibility in the context of increasingly dynamic and rapidly changing requirements in the business world. However, encapsulation of business functionalities as self-contained services, as one of the main concepts in a SOA, brings new challenges. While business experts concentrate on the domain-specific aspects, other non-functional requirements such as security remain mostly neglected, if all understood. Costs for security administration may increase, business-driven security requirements may not be addressed and security configurations may not match at all internal and external regulations and guidelines. Based on these needs, we propose a technology-independent framework that provides graphical concepts for incorporating the security demands, facilitating the handling of security requirements from the specification to their realization.