WP7: Requirements, specification and validation of ASSERT4SOA

WP Leader: FUB

The objective of this work package is twofold: initially, it will specify the requirements needed to drive the conception phase of the ASSERT4SOA framework, while in the second phase, it will validate the resulting framework construction. This work package will take into account not only standard aspects leading to strictly functional requirements but also specific aspects deriving from the real world of standard security certification. These specific aspects, which should produce certificational requirements, will be continuously considered during the evolution of the framework from its conception up to its construction and validation.

Task 7.1: Framework Requirements (Leader: FUB, M1-M9):
This task will provide both the functional and certificational requirements for the ASSERT4SOA framework, based on real-world scenarios related to the need for security certification of SOA-based solutions. This task will build on the experience of the partners, such as the recent SAS–70 and ISO27001 (Information Security) certification of the SaaS solution ByDesign and the ongoing Common Criteria effort at SAP, or the involvement of UniMi in the certification of SafeGuard Enterprise, which provides multi-layered endpoint data security by combining encryption and data leakage prevention (DLP) and may typically be used in scenarios involving sensitive business processes.

Task 7.2: Scenario and case study (Leader: SAP, M9-M18):
This task will define the case study to be used as a reference during the ASSERT4SOA framework construction and validation. The case study, selected by using the results of Task 7.1, will stimulate the framework in a significant way so as to be able to really contribute to its validation. The case study will be selected among the multitude of business processes related to enterprise collaboration, like the demo used in the recent prototype Gravity (see Figure 9), developed as a mashup on top of Google Wave by SAP Research, that features the development of high-level process descriptions for two merging companies, BCD South Bank and FH Insurance. These two companies are merging in a tough economic climate, and management need to quickly re-engineer their business processes in order to capitalise on cross-selling opportunities between banking and insurance products.

Task 7.3: Validation of the ASSERT4SOA Framework based on the case study (Leader: SAP, M19-M36):
The scenario identified by Task 7.2 as the significant case study will be implemented within the ASSERT4SOA framework to verify the whole project approach. All the relevant aspects of the framework validation will be documented to provide a useful validation report.

Task 7.4: Continuous Consultancy about 'Certificational' Requirements (Leader: FUB, M1-M36):
Based on its expertise in standard approaches to software security certification, FUB will act as a continuous consultant for the remaining partners needing to take into account specific aspects leading to certificational requirements. At least the activities under WP3, WP4 and WP5 will benefit from this continuous consultancy. This activity will be reported and will help to define a set of best practices in the area of SOA certification.

