Whitepaper: Modeling Security Concerns in Service-Oriented Architectures
This paper proposes a candidate profile for Unified Modeling Language (UML) that presents security-related intent elements as stereotypes that business users and software architects can apply to UML elements when working with business stakeholders to capture business requirements.
Relationships
Related Elements
Main Description

By Simon Johnston, IBM © Copyright 2004 by IBM Corporation. All Rights Reserved.

A PDF version of this article is available. You must have Adobe Acrobat installed to view it.

Abstract

Many enterprises are implementing Service-Oriented Architecture (SOA) using Web services, and are designing those services according to the principles of Model Driven Architecture (MDA). Because the Unified Modeling Language (UML) used to express MDA lacks model elements for indicating the security needs of business processes, system architects are forced either to ignore security concerns in their models or to indicate their intentions in ways that are implementation-specific. This paper proposes a candidate profile for UML that presents security-related intent elements as stereotypes that business users and software architects can apply to UML elements when working with business stakeholders to capture business requirements. Using a profile such as the one proposed here would allow architects to specify the business intent of security in their designs without violating the MDA prohibition against implementation-specific details in high-level, behavioral models.


©  Copyright IBM Corp. 1987, 2006.  All Rights Reserved.