
System And Method For Implementing Security Service In A Business Related Data On A Website

Abstract: System and method for implementing security service in a business-related data on a website. In one embodiment, security components may be identified based on one or more use case requirements. Web security services objects that need to be protected may be identified. The object relationship for security protection may be defined, and associated trust domains, security policy and strategy and threat profiles may be identified. Protection schemes for these web security services objects may be generated. Web security services security design patterns may be applied. One embodiment may be implemented as a secure web security services design mechanism that may receive web services requirements as input and assist a user in designing and generating a secure web security services.


Patent Information

Application #:
Filing Date: 06 August 2019
Publication Number: 07/2021
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email: ipr@optimisticip.com
Parent Application:

Applicants

MESBRO TECHNOLOGIES PRIVATE LIMITED
Flat no C/904, Geomatrix Dev, Plot no 29, Sector 25, Kamothe, Raigarh-410209, Maharashtra, India

Inventors

1. Mr. Bhaskar Vijay Ajgaonkar
Flat no C/904, Geomatrix Dev, Plot no 29, Sector 25, Kamothe, Raigarh-410209, Maharashtra, India

Specification

Claims:
1. A web service system, comprising:
a. one or more computer systems;
b. one or more service requesters;
c. a plurality of heterogeneous components and one or more security components;
d. receive one or more Web Service requirements for the Web Service system;
e. receive user input specifying one or more design aspects of a secure web service architecture for the web service system;
f. the received web service requirements, the received user input, a web security services security assessment structured methodology, and one or more security design patterns; and
g. generate the output including information indicating the secure web service architecture; and
h. service registry implemented on one or more computer systems, wherein the service provider is further configured to register and publish the secure web security services in the service registry, and wherein the service requester is further configured to discover the service provider through the service registry.
2. The web service system as recited in claim 1, wherein to generate the web service architecture in accordance with the web security services security assessment structured methodology apply one or more web security services design patterns including the one or more security design patterns to the web service architecture.
3. The web service system as recited in claim 1, wherein it incorporates quality of security services including reliability, scalability, and availability on the web service system.
4. The web service system as recited in claim 1, further comprising a service broker implemented on one or more computer systems and configured to securely interact with the service provider and service requester to negotiate and provide the secure web security services to the service requester.
5. The web service system as recited in claim 4, wherein it is configured as the service broker.
6. The web service system as recited in claim 1, wherein is a business-to-consumer web service, wherein the service provider is a business service provider, and wherein the service requester is an end user.
7. The web service system as recited in claim 1, wherein the web service system can include a plurality of layers, wherein the plurality of layers can include two or more of:
a. a network layer;
b. a transport layer;
c. a service description language layer;
d. a transaction routing layer;
e. a service discovery layer;
f. a service negotiation layer;
g. a management layer;
h. a quality of service layer;
i. a security layer; and
j. an open standards layer;
Description:
Technical Field of the Invention
This invention relates to computer software, and more particularly to Web Security services.
Background of the Invention
The term Web Security services has quickly become a buzzword in the market. There are true successes, and much hype about Web Security services technology solutions. Much of the market hype focuses on what it can do, rather than on integration. Some generalize that Web Security services technology can address all types of business problems. Web Security services technologies are a good technology enabler for legacy system integration and cross-platform interoperability but may not necessarily be the perfect solution to all types of business problems. Such Web Security services interest has coincided with the proliferation of XML and Java technology and Business-to-Business (B2B) commerce. The key attraction of Web Security services comes from the business drivers of cost reduction and B2B integration. There are many aspects of the changing economic landscape and emerging trends that support the potential use of Web Security services, especially in the financial security services and B2B commerce areas. There are primarily three types of information: (1) White Pages—business names, description, contact information; (2) Yellow Pages—business categories using standard codes such as NAICS, UN/SPSC, and geographical taxonomy; and (3) Green Pages—information model to store implementation information of business processes, service descriptions, and binding information. The UDDI information model is a data model that encapsulates the business information of business organizations and service details.
Object of the Invention
The present invention relates to a system and method for implementing security service in a business-related data on a website.

Summary of the Invention
Embodiments of a system and method for implementing security service in a business-related data on a website are described. Lifecycles of the Web Security services Security Assessment structured methodology may include one or more of, but are not limited to: vision and strategy, architecture design, development, integration, and deployment. In one embodiment, in the Vision and Strategy Web Security services life cycle, architects may collect user security requirements and technical security requirements and encapsulate them into use case requirements using Use Case modeling techniques. In the Development life cycle, architects may develop protection measures or security application codes to protect the Web Security services objects and components. If necessary or desired, architects may apply one or more Web Security services security tools. In the Integration life cycle, architects may apply one or more Web Security services security design patterns to integrate different Web Security services components together.
The object relationship for security protection may be defined, and the associated trust domains, security policy and strategy and threat profiles may be identified. A set of protection schemes and measures for these Web Security services objects may be derived. One or more supporting Web Security services (security) tools may be applied to complete the security protection schemes, if necessary. Web Security services design patterns, including security design patterns may be applied wherever appropriate.
One embodiment may be implemented as a Secure Web Security services architecture design mechanism. The secure Web Security services architecture design mechanism may receive Web Security services requirements as input and, using the input, assist a user in designing and generating a secure Web Security services architecture using the Web Security services Security Assessment methodology and design patterns including security design patterns. A Web Security services infrastructure may then be deployed or implemented in accordance with the secure Web Security services architecture.
Brief Description of Drawings:
FIG. 1 illustrates an exemplary complete Web Security services application according to one embodiment.
Detailed Description of Invention:
Embodiments of a system and method for implementing security service in a business-related data on a website are described. FIG. 1 illustrates an exemplary complete Web Security services application according to one embodiment. To build a complete application as illustrated in FIG. 1, a developer may follow the examples and concepts of embodiments of the generic Web Security services architecture described herein to wrap an existing business service as Web Security services (for example, using JWSDP's deploy or Axis), publish it in a Service Registry (for example, using JAXR), expose the business service via a Message Provider (for example, using JAXM), and/or parse data from the business partners using JAXP and XSLT. The following describes two exemplary scenarios where Web Security services technology implemented according to embodiments of the generic Web Security services architecture may be a good fit. The first exemplary scenario is a membership award program, which is a common customer loyalty program, and provides a seamless integration between a credit-card bonus point system and business partners for redemption, account balance, activity tracking, and cross-selling. The second exemplary scenario is a single payment gateway that enables corporate banking customers to utilize payment security services from multiple banks, referred to as a Payment Security services scenario.
To establish a business case for Web Security services implementation, some common characteristics and prerequisites of the candidates are discussed, followed by the selection criteria of a pilot project, business benefits, and some risk analysis. Typically, many corporations would start a pilot program (or Proof of Concept) to justify the business case and to mitigate the technology risks. A sample Return on Investment (ROI) model, based on the pilot scenario, is provided in the business case. The target candidate for Web Security services implementation may be one where existing monolithic security services may be decomposed into more atomic business security services. By exposing these atomic business security services, business information from various sources may be aggregated with a business process engine into meaningful business information and customer-oriented security services. Preferably, the target candidate should have one or more of, but not limited to, the following characteristics:
Trading Partners. There may be more than one external trading partner involved. There is also a need to interoperate with back-end legacy systems and heterogeneous platforms. Otherwise, the low complexity does not justify using Web Security services technology.
Reusability. The reusability of business security services and customer information should be high. If the solution is unique and cannot be reusable anywhere, then there is no business case.
Branding. Some people believe integrating two different security services may lose the original branding, as either or both parties may need to compromise in some areas to accommodate technical constraints. While keeping a consistent branding, we need to provide flexibility (such as providing personalized or customized security services for managed security services), especially for white labeling security services. The integration technology used must be flexible enough to accommodate the different constraints of the back-end security services.
Technology Constraints. Back-end business security services or application functionality are unlikely to be re-engineered. Thus, the technology used should coexist and leverage existing back-end security services and should not require a rewrite or significant modification.
Limited Delivery Time Window. There should be a short and limited time window to deliver the system. Thus, the technology used must be easy and quick to deploy.

Documents

Application Documents

# Name Date
1 201921031740-STATEMENT OF UNDERTAKING (FORM 3) [06-08-2019(online)].pdf 2019-08-06
2 201921031740-POWER OF AUTHORITY [06-08-2019(online)].pdf 2019-08-06
3 201921031740-FORM FOR STARTUP [06-08-2019(online)].pdf 2019-08-06
4 201921031740-FORM FOR SMALL ENTITY(FORM-28) [06-08-2019(online)].pdf 2019-08-06
5 201921031740-DRAWINGS [06-08-2019(online)].pdf 2019-08-06
6 201921031740-EVIDENCE FOR REGISTRATION UNDER SSI [06-08-2019(online)].pdf 2019-08-06
7 201921031740-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [06-08-2019(online)].pdf 2019-08-06
8 201921031740-FIGURE OF ABSTRACT [06-08-2019(online)].jpg 2019-08-06
9 201921031740-FORM 1 [06-08-2019(online)].pdf 2019-08-06
10 201921031740-COMPLETE SPECIFICATION [06-08-2019(online)].pdf 2019-08-06
11 201921031740-ORIGINAL UR 6(1A) FORM 26-170919.pdf 2019-09-21
12 Abstract1.jpg 2019-10-29
13 201921031740-Proof of Right [29-11-2020(online)].pdf 2020-11-29