INSIEME - Model Driven Security for Web Services

Inter-organizational workflows are among the fields promising immense growth of rates within the next years. Through the development of standards and languages around Web Service technology the technical platform for the cooperation of systems over the web has been provided. Potential applications concern all classes of business enabling novel and flexible ways of communication between business partners. One of the most crucial factors for bringing such scenarios into broad practice is security. Business partners will only conduct core business processes over the web if a high level of trust can be guaranteed. This includes confidentiality and integrity of exchanged data, non-repudiation of actions, authentication and authorization of actors and availability of system services. Due to intensive research in the field of security in the recent years today most security goals can be met at the technical level based on sophisticated security protocols, encryption techniques and standards. However, the application of such techniques still remains at a very low, platform and implementation dependent level. The disadvantages are obvious implementation of secure inter-organizational workflows is limited to experts with a highly specialized knowledge. Moreover, in many cases the security solutions are not adjusted with the customers needs. The goal of INSIEME is the systematic modelling and realization of security-critical inter-organizational workflows based on web service technology. We develop an environment supporting the business oriented realization of security requirements such as confidentiality, integrity, non-repudiation and authorization. Following a model driven security approach we will provide an advanced reference architecture in the context of web services and web service orchestration and a modelling environment for the high-level configuration of security components based on a set of security patterns.