Model-driven security based on a web services security architecture

The emergence of Web services and Service-Oriented Architecture (SOA) makes application development easy. However, since the computing environments on which applications are running are becoming complex, it is harder for users to set up security properly. Considering such complex security environments, this paper describes a tooling framework to generate Web services security configurations using Model Driven Architecture (MDA). According to the MDA concept, users simply add security intentions to an application model, and then detailed security configurations are generated, employing transformations over UML constructs and a security environment model. In order to demonstrate that the framework is practically useful, we also illustrate how to generate configuration files for a commercial product. © 2005 IEEE.