Quality of Security Service for Web Services within SOA

Service-Oriented Architecture (SOA) is a paradigm for creating and encapsulating business processes in the form of loose-coupling, autonomous and abstracted services. Managing the non-functional requirements of SOA such as security, is an over arching problem due to the wide variety of ways the service consumer can access the services offered by the service provider and the equally varied restrictions the service provider can set for gaining access by the service consumer. In this work, we propose a metadata for quality of security service for SOA. The proposed metadata provides different levels to describe the available variations of the authentication, authorization and privacy features that are related to SOA security. A Web Service for Quality of Security Service (QoSS) is then constructed to encapsulate the suggested metadata in order to assist the service consumer and provider to achieve a QoSS agreement meeting both of their requirements. The QoSS agreement will perform as an enforced policy for managing the interactions between the service provider and consumer. The service of QoSS is located inside a complete framework for securing SOA.