Association for Computing Machinery
Service-Oriented Architectures (SOA) provides a flexible infrastructure to allow independently developed software components to communicate in a seamless manner. Increased connectivity entails significant higher security risks. To face these risks, a broad range of specifications e.g. WS-Security and WS-Trust has emerged to ensure security in SOA. These specifications are supported by all major web service Frameworks and enforced by security modules provided by these frameworks to apply security to ingoing and outgoing messages. In general, a security module is configured declaratively using a security policy e.g. WS-SecurityPolicy that expresses security goals and related configurations.