A maturity metric based approach for eliciting SOA security requirements

Abstract

The emergence of service-oriented architecture (SOA) as an approach for integrating applications that expose services presents many new challenges to organizations resulting in significant risks to their business. Particularly important among those risks are failures to effectively address quality attribute requirements such as security. Properly defining and configuring security requirements in SOA applications is quite difficult for developers and business experts because they are not necessary security experts. SOA security requirements identification is a challenging and promising research area. In this article, we propose an SOA Security requirement elicitation approach based on the maturity assessment of security processes and controls applicable in the context of SOA.