Policy Chain for Securing Service Oriented Architectures [chapter]

Wihem Arsac, Annett Laube, Henrik Plate
2013 Lecture Notes in Computer Science  
Service Providers using Service Oriented Architecture in order to deliver in-house services as well as on-demand and cloud services have to deal with two interdependent challenges: (1) to achieve, maintain and prove compliance with security requirements stemming from internal needs, 3rd party demands and international regulations and (2) to manage requirements, policies and security configuration in a cost-efficient manner. The deficiencies of current processes and tools force these service providers to trade off profitability against security and compliance. This paper summarizes a novel approach of a policy chain, which links high-level, abstract and declarative security policies on one side and low-level, imperative, and technical security configuration settings on the other side. The paper describes in detail an architecture linking several applications and models via state-machines in order to provide a toolset supporting service providers to build such a holistic policy chain at design time, and to maintain and leverage it during system operation.
doi:10.1007/978-3-642-35890-6_22 fatcat:f42n57wukbajjppru65jeol2ae