PWSSEC: Secure Web Services-based Systems Development Process

Web services (WS, hereafter) paradigm has attained such a relevance in both, the academic and industry world, that the vision of Internet is evolving, passing from being considered as a mere repository of data to become the underlying infrastructure on which complex business processes and alliances...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Revista IEEE América Latina Ročník 4; číslo 2; s. 115 - 122
Hlavní autoři: Gutierrez, C.A., Fernandez-Medina, E., Piattini, M.
Médium: Journal Article
Jazyk:angličtina
Vydáno: Los Alamitos IEEE 01.04.2006
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Témata:
Architecture
Business
Developers
Distributed/Internet based Software Engineering Tools and Techniques
Domain-Specific Architectures
Internet
Life Cycle
Methods
Middleware
Network security
Process
Repositories
Risk Management
Security
Security and Privacy Protection
Service oriented architecture
Software development
Software engineering
Software Engineering for Internet Projects
Software quality
Software standards
ISSN:1548-0992, 1548-0992
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Abstract Web services (WS, hereafter) paradigm has attained such a relevance in both, the academic and industry world, that the vision of Internet is evolving, passing from being considered as a mere repository of data to become the underlying infrastructure on which complex business processes and alliances are being deployed. Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of Internet, like IETF, W3C or OASIS, are producing a huge number of WS-based security standards. Despite of this spectacular growing, a development process that facilitates the systematic integration of security within all stages of WS-based software development life-cycle does not exist yet. In this paper, we present PWSSec (Process for Web Services Security) as a security requirement-centered, and architectural and standard-based process that guides developers of WS-based systems when integrating security in their development processes. PWSSec is composed of three stages, WSSecReq (Web Services Security Requirements), WSSecArch (Web Services Security Architecture) and WSSecTech (Web Services Security Technologies) that enable and facilitates the activities of specifying WS-specific security requirements, defining WS-based security architectures and identifying and configuring WS-based security standards, respectively.
AbstractList [...] over the past years, the most important consortiums of Internet, like IETF, W3C or OASIS, are producing a huge number of WS-based security standards.
Web services (WS, hereafter) paradigm has attained such a relevance in both, the academic and industry world, that the vision of Internet is evolving, passing from being considered as a mere repository of data to become the underlying infrastructure on which complex business processes and alliances are being deployed. Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of Internet, like IETF, W3C or OASIS, are producing a huge number of WS-based security standards. Despite of this spectacular growing, a development process that facilitates the systematic integration of security within all stages of WS-based software development life-cycle does not exist yet. In this paper, we present PWSSec (Process for Web Services Security) as a security requirement-centered, and architectural and standard-based process that guides developers of WS-based systems when integrating security in their development processes. PWSSec is composed of three stages, WSSecReq (Web Services Security Requirements), WSSecArch (Web Services Security Architecture) and WSSecTech (Web Services Security Technologies) that enable and facilitates the activities of specifying WS-specific security requirements, defining WS-based security architectures and identifying and configuring WS-based security standards, respectively.
Author Fernandez-Medina, E.
Gutierrez, C.A.
Piattini, M.
Author_xml – sequence: 1
  givenname: C.A.
  surname: Gutierrez
  fullname: Gutierrez, C.A.
– sequence: 2
  givenname: E.
  surname: Fernandez-Medina
  fullname: Fernandez-Medina, E.
– sequence: 3
  givenname: M.
  surname: Piattini
  fullname: Piattini, M.
BookMark eNpdkM1rAjEQxUOxULW9F3pZeulp7STZjUmhB7H2A4QKa_EYstkRVvbDJq7gf9-IQkthYB7M7z2GNyC9pm2QkFsKI0pBPS7nkxEDECMqEpak6oL0aZrIGJRivT_6igy83wBwKSTvk-fFKstm06coQ9s5jFaYB-n2pUUf58ZjEWUHv8PaRy-4x6rd1tjsooVrA-CvyeXaVB5vzntIvl5ny-l7PP98-5hO5rGlDHhM0SBHRtNUYc4VSMwVUlwDy_PUFNZYaUFQWRTIOBeGFaiM4RTA5sZQyYfk4ZS7de13h36n69JbrCrTYNt5LaVKOA8TyPt_5KbtXBOe01KMmUhhfIyDE2Rd673Dtd66sjbuoCnoY5s6tKmPbepzm8Fyd7KUiPiLn68_-H9xDg
Cites_doi 10.1109/52.469759
10.5381/jot.2003.2.3.c6
10.21236/ADA387544
10.1007/PL00010360
10.1109/2.59
10.5381/jot.2003.2.1.c6
10.1201/1086/44530.13.3.20040701/83066.4
10.1007/978-0-387-35563-4_13
10.1109/MITP.2005.1407802
10.5381/jot.2004.3.1.c6
10.1109/MS.2003.1159030
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2006
Copyright_xml – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2006
DBID 97E
RIA
RIE
AAYXX
CITATION
7SC
7SP
8FD
JQ2
L7M
L~C
L~D
F28
FR3
DOI 10.1109/TLA.2006.1642459
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
Computer and Information Systems Abstracts
Electronics & Communications Abstracts
Technology Research Database
ProQuest Computer Science Collection
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
ANTE: Abstracts in New Technology & Engineering
Engineering Research Database
DatabaseTitle CrossRef
Technology Research Database
Computer and Information Systems Abstracts – Academic
Electronics & Communications Abstracts
ProQuest Computer Science Collection
Computer and Information Systems Abstracts
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts Professional
Engineering Research Database
ANTE: Abstracts in New Technology & Engineering
DatabaseTitleList Technology Research Database

Technology Research Database
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
Architecture
Business
EISSN 1548-0992
EndPage 122
ExternalDocumentID 2349660441
10_1109_TLA_2006_1642459
1642459
Genre orig-research
GroupedDBID 0R~
4.4
5GY
5VS
6IK
97E
AAJGR
AAWTH
ABAZT
ABQJQ
ABVLG
ACGFS
ACIWK
AENEX
AETIX
AGQYO
AGSQL
AHBIQ
AIBXA
ALMA_UNASSIGNED_HOLDINGS
AZLTO
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
CS3
DU5
EBS
EJD
HZ~
IFIPE
IPLJI
JAVBF
LAI
M43
O9-
OCL
RIA
RIE
RNS
AAYXX
CITATION
7SC
7SP
8FD
JQ2
L7M
L~C
L~D
F28
FR3
ID FETCH-LOGICAL-c1203-1eae3e21559eb3908eb9e1ef02bb5adcac8c0618dde2336a2de9aa3100cbaa183
IEDL.DBID RIE
ISSN 1548-0992
IngestDate Sun Nov 09 09:44:33 EST 2025
Mon Jun 30 10:17:46 EDT 2025
Sat Nov 29 06:36:22 EST 2025
Wed Aug 27 02:48:57 EDT 2025
IsPeerReviewed false
IsScholarly true
Issue 2
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c1203-1eae3e21559eb3908eb9e1ef02bb5adcac8c0618dde2336a2de9aa3100cbaa183
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ObjectType-Article-2
ObjectType-Feature-1
content type line 23
PQID 867265078
PQPubID 75720
PageCount 8
ParticipantIDs proquest_miscellaneous_889433433
proquest_journals_867265078
ieee_primary_1642459
crossref_primary_10_1109_TLA_2006_1642459
PublicationCentury 2000
PublicationDate 20060401
PublicationDateYYYYMMDD 2006-04-01
PublicationDate_xml – month: 04
  year: 2006
  text: 20060401
  day: 01
PublicationDecade 2000
PublicationPlace Los Alamitos
PublicationPlace_xml – name: Los Alamitos
PublicationTitle Revista IEEE América Latina
PublicationTitleAbbrev T-LA
PublicationYear 2006
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
References ref13
(ref5) 2004
ref12
guti rrez (ref16) 2005
breu (ref4) 2003
ref15
endrei (ref8) 2004
(ref23) 2004
bass (ref17) 1999
ref10
ref21
schneier (ref6) 1999
ref1
(ref20) 2004
toval (ref14) 2001; 6
moore (ref7) 2001
ref19
ref18
(ref2) 2004
ref3
(ref11) 2004
guti rrez (ref24) 2005
bass (ref22) 2003
sindre (ref9) 2000
References_xml – ident: ref21
  doi: 10.1109/52.469759
– year: 2004
  ident: ref20
  publication-title: Web Services Policy Framework (WS-Policy)
– year: 2004
  ident: ref11
  publication-title: Uml profile for modeling quality of service and fault tolerance characteristics and mechanisms
– ident: ref12
  doi: 10.5381/jot.2003.2.3.c6
– year: 2004
  ident: ref2
  publication-title: Cautious Web Services Software Adoption Continues IDC Expects Spending to Reach $11 Billion by 2008
– year: 2001
  ident: ref7
  publication-title: Attack Modelling for Information Security and Survivability
  doi: 10.21236/ADA387544
– year: 2004
  ident: ref5
  publication-title: Web Services Architecture
– volume: 6
  start-page: 205
  year: 2001
  ident: ref14
  article-title: Requirements Reuse for Improving Information Systems Security: A Practitioner's Approach
  publication-title: Requirements Engineering Journal
  doi: 10.1007/PL00010360
– ident: ref3
  doi: 10.1109/2.59
– year: 2004
  ident: ref23
  publication-title: Basic Security Profile Version 1 0 Working Group Draft
– year: 2003
  ident: ref4
  article-title: Key Issues of a Formally Based Process Model for Security Engineering
  publication-title: Proc 16th International Conference on Software and Systems Engineering and their Applications (ICSSEA'03)
– ident: ref15
  doi: 10.5381/jot.2003.2.1.c6
– ident: ref19
  doi: 10.1201/1086/44530.13.3.20040701/83066.4
– ident: ref18
  doi: 10.1007/978-0-387-35563-4_13
– ident: ref1
  doi: 10.1109/MITP.2005.1407802
– ident: ref13
  doi: 10.5381/jot.2004.3.1.c6
– ident: ref10
  doi: 10.1109/MS.2003.1159030
– year: 2005
  ident: ref16
  article-title: Web Services Enterprise Security Architecture: a Case Study
  publication-title: Proc ACM Workshop Secure Web Services
– year: 2005
  ident: ref24
  article-title: Desarrollo de sistemas de servicios web seguros
  publication-title: JSWEB'05
– year: 1999
  ident: ref6
  article-title: Attack Trees: Modeling Security Threats
  publication-title: Dr Dobb's Journal
– start-page: 120
  year: 2000
  ident: ref9
  article-title: Eliciting Security Requirements by Misuse Cases
  publication-title: Proc TOOLS Pacific 2000
– year: 2003
  ident: ref22
  publication-title: Software Architecture in Practice
– year: 1999
  ident: ref17
  publication-title: Architecture-Based Development
– start-page: 345
  year: 2004
  ident: ref8
  publication-title: Patterns Service-Oriented Architecture and Web Services
SSID ssj0038683
Score 1.6255304
Snippet Web services (WS, hereafter) paradigm has attained such a relevance in both, the academic and industry world, that the vision of Internet is evolving, passing...
[...] over the past years, the most important consortiums of Internet, like IETF, W3C or OASIS, are producing a huge number of WS-based security standards.
SourceID proquest
crossref
ieee
SourceType Aggregation Database
Index Database
Publisher
StartPage 115
SubjectTerms Architecture
Business
Developers
Distributed/Internet based Software Engineering Tools and Techniques
Domain-Specific Architectures
Internet
Life Cycle
Methods
Middleware
Network security
Process
Repositories
Risk Management
Security
Security and Privacy Protection
Service oriented architecture
Software development
Software engineering
Software Engineering for Internet Projects
Software quality
Software standards
Title PWSSEC: Secure Web Services-based Systems Development Process
URI https://ieeexplore.ieee.org/document/1642459
https://www.proquest.com/docview/867265078
https://www.proquest.com/docview/889433433
Volume 4
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVIEE
  databaseName: IEEE Electronic Library (IEL)
  customDbUrl:
  eissn: 1548-0992
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0038683
  issn: 1548-0992
  databaseCode: RIE
  dateStart: 20030101
  isFulltext: true
  titleUrlDefault: https://ieeexplore.ieee.org/
  providerName: IEEE
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3NS8MwFH_M4UEPfk1xTiUHL4J1bdIlqeBhjA0PYww23W4lSd_Ayyb78O83Sds50YvQQ2mTEF6S917ex-8B3EWKZmGi4kCg0kE841GgrGQLKJ1lmimupQcwfeuLwUBOp8mwAg_bXBhE9MFn-OhevS8_W5iNM5U1rWpP41ayB3tC8DxXq-S6THLJSjdkmDTH_XbuaSj6_BA7vo7KL-brJUrv-H9zOYGjQnMk7XypT6GC8zM43METrMHzcDIadTtPxFvRkUxQk5IZBE5eZaRAKCc7wUKkSBY4h9ded9x5CYr6CIGJqAspQ4UMqXMs2itxEkrUCUY4C6nWLZUZZaSx4lpaDkYZ43ZVMFHKWfSNVsqe5QuozhdzvATSygyloY4jqwDGTAulaKy5iZlQjHPN63Bfki_9yGEwUn99CJPUktoVs-RpQZI61By5vtuVnxslvdPinKxSyQW1OqKQdSDbv3aDO6-FmuNiY5s4hHhmn6u_x23AQW4WcdE011BdLzd4A_vmc_2-Wt76TfIFMXq7mQ
linkProvider IEEE
linkToHtml http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LS8QwEB58gXrwLa7PHLwI1m2TbJoIHhZRFOsiuLreSpLOgpeurK6_3yRtfaAXoYfSJiFMkpnJPL4BOEw0LWKleZSiNhEfiiTSTrJFlA4Lw7QwMgCYPmZpryefntTdFBx_5sIgYgg-wxP_Gnz5xchOvKms7VR7yjtqGmY7nNO4ytZq-C6TQrLGERmrdj_rVr6GutcPwRMqqfxiv0GmXC7_bzYrsFTrjqRbLfYqTGG5BovfEAXX4exucH9_cX5Kgh0dyQANadhB5CVWQWqMcvItXIjU6QIb8HB50T-_iuoKCZFNqA8qQ40MqXctukuxiiUahQkOY2pMRxdWW2mdwJaOh1HGhFsXVFp7m741WrvTvAkz5ajELSCdwlIaG544FZAzk2pNuRGWs1QzIYxowVFDvvylAsLIwwUiVrkjtS9nKfKaJC1Y9-T6atd83mnondcn5TWXIqVOS0xlC8jnX7fFvd9ClziauCYeI565Z_vvcQ9g_qp_m-XZde9mBxYqI4mPrdmFmbfxBPdgzr6_Pb-O98OG-QAfJ77g
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=PWSSEC%3A+Secure+Web+Services-based+Systems+Development+Process&rft.jtitle=Revista+IEEE+Am%C3%A9rica+Latina&rft.au=Gutierrez%2C+C.A&rft.au=Fernandez-Medina%2C+E&rft.au=Piattini%2C+M&rft.date=2006-04-01&rft.pub=The+Institute+of+Electrical+and+Electronics+Engineers%2C+Inc.+%28IEEE%29&rft.issn=1548-0992&rft.eissn=1548-0992&rft.volume=4&rft.issue=2&rft.spage=115&rft_id=info:doi/10.1109%2FTLA.2006.1642459&rft.externalDBID=NO_FULL_TEXT&rft.externalDocID=2349660441
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1548-0992&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1548-0992&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1548-0992&client=summon