The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality of a process, the consideration of security properties at the level of a process model is a promising approach.
In this talk, we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide a transformation that automatically derives WS-SecurityPolicy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Services technology.