How do we apply the principle of complete mediation to a transaction when each part of a service is independent of the others? Use Cases are a synthetic technique used by security to build a shared understanding of the risk profile of the application. The key elements in this view are the Use Cases (or other artifacts such as User Stories in XP).
The Transaction Use Case Lifecycle View in Service Oriented Security (SOS) plays a critical role in that it ties together all of the elements in the other views into a cohesive whole in the context of a transaction or use case. The Use Case shows the behavioral characteristics, the flow between the component functionality, the externally visible properties, the key actors, and constraints such as usability constraints. Use Cases (or other artifacts such as User Stories) can illuminate logical flaws in the order of execution or in assumptions that impact security.
The Transaction Use Case Lifecycle View should be used to show the end-to-end view of the system and then to drive the design decisions that emerge through the rest of the views in an iterative manner.
Hello sir, I am a student of MS software engineering and currently working on security architecture for Software As A Service (SaaS). How can you help me?
thanks
regards
Posted by: ahmed hasan | February 23, 2006 at 01:36 AM