Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate advance the state of the art in this area through exchange of ideas. www.modeldrivensecurity.org - www.policyautomation.org - www.objectsecurity.com

Friday 5 December 2008

Ecosystem for model-driven security is getting ready

Many vendors provide model-driven tools today, incl. business process management (BPM), model-driven engineering/development (MDE/MDD), model-driven integration (MDI), enterprise architecture (EA) etc.
Process-let SOA orchestration and model-driven code generation or service integration is also a reality today, and big vendors such as Microsoft have announced that they will release these features in their mass-market software development tools.
This is great news for model-driven security, which ties into model-driven tools in order to automatically and traceably produce fine-grained, contextual security policies.
The fact that mainstream tools are available and in use today enables shrink-wrapped, push-of-a-button model-driven security to be added to such model-driven tools - ObjectSecurity has just produced such a shrink-wrapped security policy generator for IntalioBPMS and their OpenPMF model-driven security technology.
SOA security, and specifically security policy management for SOA are also being closely examined, and model-driven security has been identified as a great solution.
So everything is finally coming together in the mass market - watch this space!