A Security Meta-model for Service-Oriented Architectures

Service-oriented architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Several approaches have been described to generate executable description of service orchestrations based on visual business process models. These models describe workflows and related information on an abstract level supporting business analysts to state and verify business requirements. In previous work, we have adopted this approach to simplify the security engineering in service-oriented architectures. We foster a model-driven approach based on the integration of security annotations in visual modelling notation. These annotations are gathered and translated to a domain-independent security model that facilitates the generation of enforceable security configurations (e.g. WSSecurityPolicy). In this paper, we introduce our security meta-model for SOA that constitutes the foundation for our model-driven approach. Based on a model for service interactions that describes the exchange of information in a service-based system, we define a model to express security requirements and policies, and introduce a mapping to WS-Policy and WS-SecurityPolicy.