By Simon Johnston, IBM © Copyright 2004 by IBM Corporation. All Rights Reserved.
A PDF version of this article is available. You must
have Adobe Acrobat installed to view
Many enterprises are implementing Service-Oriented Architecture (SOA) using Web services, and are designing those
services according to the principles of Model Driven Architecture (MDA). Because the Unified Modeling Language (UML)
used to express MDA lacks model elements for indicating the security needs of business processes, system architects are
forced either to ignore security concerns in their models or to indicate their intentions in ways that are
implementation-specific. This paper proposes a candidate profile for UML that presents security-related intent elements
as stereotypes that business users and software architects can apply to UML elements when working with business
stakeholders to capture business requirements. Using a profile such as the one proposed here would allow architects to
specify the business intent of security in their designs without violating the MDA prohibition against
implementation-specific details in high-level, behavioral models.