Modeling Security Objectives along BPM of SOA Applications

In SOA environment, a software application is a composition of services, which are scattered across the Internet. Security plays a vital role during the design, development and operation of SOA applications. However, analysis of today's software development approaches reveals that the engineering of security into the system design is often neglected. Security is incorporated in an ad-hoc manner or integrated during the applications development phase or administration phase or out sourced. General purpose modeling languages like UML are used for designing the software system; however, these languages lack the knowledge of the specific domain and "security" is one of the essential domains. A DSL, named the "UML-SOA-Sec" is proposed to facilitate the modeling of security objectives along the business process modeling of SOA applications. Furthermore, Saleem's MDS services composition framework is proposed for the development of a secure web service composition. Being able to express security objectives in a widely used design notation like UML, helps to save time and effort during the implementation and verification of security in SOA applications.