Developing a Security Meta-Language Framework

Service-oriented architectures (SOAs) with web services have become commonplace in business and government application development. One reason that web services should facilitate application implementation and deployment is their use of standards to provide clear descriptions of service expectations. However, when reliance on these standards is mandatory, such as when guaranteeing that the SOA meets specific security and information assurance constraints, design and development difficulties arise due to the number of standards available, their cross-referencing, and their dependencies. This paper introduces a framework to provide the foundation for a security meta-language (SML) that models the security-relevant portions of the standards for their consistent, comprehensive, and correct application. The goal of the framework is for security constraints and the SOA application domain to filter the model entities so that the SML can define the proper message structure and content that each service in the SOA must have.