Service-oriented architectures (SOA) constitute a major architectural style for large-scale infrastructures and applications built from loosely-coupled services and subject to dynamic configuration, operation and evolution. They are the structuring principle of a multitude of applications and the enabling technology for recent software paradigms like Mashup or SaaS.
Assessing the trustworthiness of such complex and continuously evolving systems is a challenging task since a) methodologies – mainly based on certification processes – developed for assessing conventional static systems can hardly handle the dynamicity and variety of SOA based systems, b) few artifacts can be used to support and automate the assessment of the trustworthiness of a stand-alone service, and no means exist to assess the trustworthiness of composite applications, c) there is no mechanism to express and confront claimed security properties.
To address these issues and to realize our vision of bringing Certification-based Assurance to Service-based Systems, ASSERT4SOA has 3 main objectives: 1) to develop methods and tools to support certification of SOA based software by providing abstract models for these systems that capture their peculiarities and the security properties they satisfy ; 2) to develop schemes for expressing certification claims in the SOA lifecycle and mechanisms for handling them; 3) to provide mechanisms and tools enabling to reason about ASSERTs (Advanced Security Service cERTificates) in order to assess the trustworthiness of service based systems at runtime.