SeAAs - a reference architecture for security services in SOA

Journal of Universal Computer Science

Volumn 15, Issue 15, 2010, Pages 2916-2936

  Hafner, Michael ^a   Memon, Mukhtiar ^a   Breu, Ruth ^a  

^a UNIVERSITY OF INNSBRUCK   (Austria)

Author keywords

Security as a service; Security requirements; Service oriented architecture

Indexed keywords

EID: 73149108190     PISSN: 0958695X     EISSN: 09486968     Source Type: Journal    
DOI: None     Document Type: Article

References (42)

1. Agreiter, B. Hafner, M. Breu, R.: "A Fair Non-repudiation Service in a Web services Peer-to-peer Environment"; Computer Standards and Interfaces, 30(6), 372-378, 2008.
2. Alam, M. Hafner, M. Memon, M. Hung, P.: "Modeling and Enforcing Advanced Access Control Policies in Healthcare Systems with SECTET"; In MOTHIS'07: MODELS 2007, Nashville, USA, 2007.
3. Arge ELGA: Arbeitsgemeinschaft Elektronische Gesundheitsakte; http://www.arge-elga.at/
4. Atkinson, B. et al.: Web Services Security (WS-security) - version 1.0. Specification; IBM Corp., Mircosoft Corp., VeriSign, Inc., 2002.
5. Bajaj, S.: "Web Services Policy 1.2 - Framework (WS-Policy)", W3C Member Submission; 25 April 2006, Technical Report, W3C, 2006.
6. Bartel, M. Boyer, J. Fox, B.: "XML-Signature Syntax and Processing"; W3C Recommendation, 12 February 2002, Technical Report, W3C, 2002.
7. Basin, D. Doser, J. Torsten, L.: "Model Driven Security: From UML Models to Access Control Infrastructures"; ACM Trans. Softw. Eng. Methodol., 15(1), 39-91, 2006.
8. Becker, M. Y. Sewell, P.: "Cassandra: Flexible Trust Management, Applied to Electronic Health Records"; In Comp. Sec. Foundations Workshop, 2004. Proc. 17th IEEE, 2004.
9. Donner, M.: "From the Editors: Whose Data are These, Anyway?"; IEEE Security and Privacy, 2(3), 5-6, 2004.
10. Hafner, M. and Breu, R.: "Security Engineering for Service-oriented Architectures"; Springer, October 2008.
11. Hafner, M. Breu, R. Agreiter, B. Nowak, A.: "SECTET: An Extensible Framework for the Realization of Secure Inter-organizational Workflows"; Journal of Internet Research, 16(5), 491-506, Emerald, 2006
12. Hinton, H. Hondo, M. Hutchison, B.: "Security Patterns within a Service-oriented Architecture"; Nov. 2005, http://www.ibm.com/websphere/developer/services.
13. Hohpe, G. Woolf, B.: "Enterprise Integration Patterns: Designing, Building, and Deploying Messaging Solutions"; Addison-Wesley Professional, 2003.
14. IETF.: "The LDAP Technical Specification"; 2006, http://tools.ietf.org/html/rfc4510.
15. Imamura, T.: "XML Encryption Syntax and Processing"; W3C Recommendation, 10 December 2002, Technical Report, W3C, 2002.
16. InnoQ: "Web services Standards Overview"; Nov. 2006, http://www.innoq.com/soa/ws-standards
17. Josuttis, N. M.: "SOA in Practice: The Art of Distributed System Design"; O'Reilly Media, Inc., August 2007.
18. Juerjens, J.: "Secure Systems Development with UML"; SpringerVerlag, 2004.
19. Kanneganti, R. Chodavarapu, P.: "SOA Security in Action"; Manning Publications Co., Greenwich, CT, USA, 2007.
20. Kremer, S. Markowitch, O. Zhou, J.: "An Intensive Survey of Fair Non- Repudiation Protocols"; Computer Communications, 25, 1606-1621, 2002.
21. Lopez, J. Montenegroa, J. Vivasa, J. et. al.: "Specification and Design of Advanced Authentication and Authorization Services"; Computer Standards and Interfaces, 27(5),467-478, 2005.
22. Markowitch, O Kremer, S.: "An Optimistic Non-repudiation Protocol with Transparent Trusted Third Party"; In ISC'01: Proc. of the 4th Int. Conf. on Information Security, London, UK, Springer, 2001.
23. Markowitch, O. Roggeman, Y.: "Probabilistic Non-repudiation Without Trusted Third Party"; In 2nd Conf. on Security in Communication Network, 1999.
24. Memon, M. Hafner, M. Breu, R.: "SECTISSIMO: A Platform-Independent Framework for Security Services"; In ModSec'08: MODELS 2008, Toulouse, France, 2008.
25. McAfee.: "Security as a Service"; 2008, http://www.mcafee.com/us/ocal_content/solution_briefs/sb_saas_0709.pdf
26. "Microsoft Windows live onecare"; 2006, http://onecare.live.com/standard/enus/3/default.htm.
27. OASIS TC.: "Extensible Access Control Markup Language (XACML)"; 2006. http://www.oasis-open.org
28. Oracle.: "Service-Oriented Security: An Application-Centric Look at Identity Management"; 2008, http://www.oracle.com.
29. Peterson, G.: "Service-oriented Security Indications for Use"; IEEE Security and Privacy, 7(2), 91-93, 2009.
30. Peterson, G.: "Service-oriented Security Architecture"; 2005, http://www.arctecgroup.net/ISB1009GP.pdf
31. Rademakers, T. Dirksen, J.: "Open-Source ESBs in Action"; Manning Publications Co., Greenwich, CT, USA, 2008.
32. OASIS TC.: "Security Assertion Markup Language (SAML)"; 2005, http://www.oasisopen.org.
33. Satoh, F. Nakamura, Y. Ono, K.: "Adding Authentication to Model Driven Security"; In ICWS'06: Proc. of the IEEE Intern. Conf. on Web Services, Washington, DC, USA, 2006.
34. Chappell, D.: "Introducing SCA"; 2007, http://www.davidchappell.com.
35. "Apache-ServiceMix: An Open Source ESB"; http://servicemix.apache.org
36. Symantec. Symantec names Genesis Norton 360; 2006, http://www.symantec.com/about/news/release/article.jsp?prid=20060531_01.
37. "Web Services Notification (WSN) Specifications"; 2006, http://docs.oasisopen.org/wsn.
38. W3C.: "Web Services Policy 1.2 - Framework"; 2006, http://www.w3.org/Submission/WSPolicy.
39. OASIS TC.: "WS-SecurityPolicy"; 2007, http://docs.oasis-open.org.
40. OASIS TC.: "WS-Trust Sepcifications"; 2005, http://docs.oasis-open.org.
41. Zhou, J. Deng, R. H. Bao, F.: "Evolution of Fair Non-repudiation with TTP"; In ACISP'99: Proc. of the 4th Australasian Conf. on Information Security and Privacy, London, UK, 1999. Springer.
42. Zimmermann, R.: "Design and Prototypical Implementation of a Non-Repudiation System for Mobile Grid Services"; http://www.ifi.uzh.ch/archive/mastertheses.