Security Specification at Process Level

In this paper, we present a process-oriented tool allowing the specification of security properties at the service composition level. The tool is based on the notions of abstract and concrete services as well as on the concept of separation of concerns. It provides a framework that allows different people to effectively discuss security issues. Abstract services can be viewed as activities rather than as technical services and are such better understood by non-technical people. Similarly, security is discussed in terms of needs and no complex security technologies are to be specified. The tool relies between these two meta-models specifying orchestration-related concepts and security concepts. Meta-links between the meta-models have been defined to specify the authorized security constraints on the orchestrated services. The tool has been validated on an application specified by Thales.