Security WG

The scope of this WG includes:

  • Recommendations for the achievement of a holistic security model in service eco-system, based on selected business scenarios
  • Recommendations for trust and security of core services, the fundament of NESSI framework.
  • Recommendations for reducing complexity in the service eco-system design and difficulty to adapt it to security policy changes.
  • Recommendations related to the confluence between classical dependability and security
  • Linking trust (dependence or belief on some system's properties) and trustworthiness (the merit of that system to be trusted, the degree to which it meets those properties or its dependability).
  • Recommendations for mechanisms to establish and maintain trust, both technical and non-technical (e.g. trust in process and service ownership, guidance and authorization of dynamic reconfiguration of processes and services etc)
  • Recommendations for mechanisms to establish and maintain trustworthiness, including, but not limited to, a discipline of secure services engineering; the provision of assurance of security and dependability properties for services and applications composed of them; the ability to validate these properties at design time and, in evolving architectures and applications, at run-time; and the ability to monitor, measure, test and predict the security status of a system.
  • Recommendations for Secure coding practises, design and development patterns and models
  • Recommendations for Service dependability on infrastructures
  • Recommendations for TSD assurance, management, audit and governance
  • Recommendations for further treatment of legal and other issues