PWSSEC: Proceso de Desarrollo para Seguridad de Servicios Web (PWSSEC: Secure Web Services-based Systems Development Process)

Carlos A. Gutiérrez (, Eduardo Fernández-Medina (, Mario Piattini (

Grupo ALARCOS, Departamento de Tecnologías y Sistemas de Información, Centro Mixto de Investigación y Desarrollo de Software UCLM-Soluziona, Universidad de Castilla-La Mancha, España.
This paper appears in: Revista IEEE América Latina

Publication Date: April 2006
Volume: 4,   Issue: 2 
ISSN: 1548-0992

Web services (WS, hereafter) paradigm has attained such a relevance in both, the academic and industry world, that the vision of Internet is evolving, passing from being considered as a mere repository of data to become the underlying infrastructure on which complex business processes and alliances are being deployed. Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of Internet, like IETF, W3C or OASIS, are producing a huge number of WS-based security standards. Despite of this spectacular growing, a development process that facilitates the systematic integration of security within all stages of WS-based software development life-cycle does not exist yet. In this paper, we present PWSSec (Process for Web Services Security) as a security requirement-centered, and architectural and standard-based process that guides developers of WS-based systems when integrating security in their development processes. PWSSec is composed of three stages, WSSecReq (Web Services Security Requirements), WSSecArch (Web Services Security Architecture) and WSSecTech (Web Services Security Technologies) that enable and facilitates the activities of specifying WS-specific security requirements, defining WS-based security architectures and identifying and configuring WS-based security standards, respectively.

Index Terms:
Methods, Domain-Specific Architectures, Life Cycle, Process, Risk Management, Security and Privacy Protection, Software Engineering for Internet Projects, Distributed/Internet based Software Engineering Tools and Techniques, Standards   

Documents that cite this document
This function is not implemented yet.

[PDF Full-Text (327)]