Certifying the security and dependability properties of individual web services or of entire business processes hosted on a Service Oriented Architecture (SOA) is a major challenge of SOA research. It is widely recognized that the unique features of WS/SOA require new security assessment approaches, including novel service testing and process monitoring techniques. In this talk, we discuss a framework for certifying the security and dependability properties of web-services and of SOA-based properties, introducing a third party certifier as a trusted authority. Our certifications are run-time negotiable XML data items based on signed test cases and formal proofs and operate at different level of granularity, providing a sound basis for run-time service selection and process orchestration decisions.
展开▼
