Supporting the comparison of business-level security requirements within cross-enterprise service development

Abstract

For businesses planning interactions online, particularly those using Web services, managing risks and accommodating each other's varying business-level security requirements is a complex but critical issue during development. Literature suggests numerous reasons that prohibit the simplistic adoption, or even comparison of requirements; examples apparent in the format used to express them, and processes employed to determine them. This paper presents the initial steps of an approach to ease this process, specially within the context of our cross-enterprise development methodology, BOF4WSS. Specifically, we focus on the design of an ontology to model key factors which influence requirement determination. This ontology will act as the basis for a future tool to state requirements and factors which influenced them, in a common, formal format, to allow for easier analysis and comparison across enterprises © 2009 Springer Berlin Heidelberg.