Rosado, DG; Gutierrez, C; Fernandez-Medina, E; Piattini, M

Univ Castilla La Mancha, Escuela Super Informat, ALARCOS Res Grp,Informat Syst & Technol Dept, UCLM Soluziona Res & Dev Inst, E-13071 Ciudad Real, Spain

Purpose - The purpose of this paper is that of linking security requirements for web services with security patterns, both at the architectural and the design level, obtaining in a systematic way a web services security software architecture that contains a set of security patterns, thus ensuring that the security requirements of the internet-based application that have been elicited are fulfilled. Additionally, the security patterns are linked with the most appropriate standards for their implementation. Design/methodology/approach - To develop secure WS-based applications, one must know the main security requirements specified that applications have to fulfil and find appropriate security patterns that assure, through combination or relationships between them, the fulfilment of the implicated security requirements. That is why a possible link or connection between requirements and patterns will have to be found, attempting to select for a determined security requirement the best security patterns that solve this requirement, thus guaranteeing the security properties for internet-based applications. Findings - Using security patterns, that drive and guide one towards a secure development as well as towards security software architecture, one can be sure that this design based on these patterns fulfils and guarantees the most important security requirements of the internet-based applications through the design and implementation of security solutions that provide reliable security services. Practical implications - Security architecture for internet-based applications and web services can be designed considering the security requirement types that it must fulfil and using the most appropriate security patterns. Originality/value - This paper proposes a relationship between security requirements that can be specified for internet-based applications and the possible security patterns that can be used in the design and implementation of the secure system based on the internet, guaranteeing that these security requirements are fulfilled.