@article {javierlopez2005c, title = {Specification and Design of Advanced Authentication and Authorization Services}, journal = {Computer Standards \& Interfaces}, volume = {27}, number = {5}, year = {2005}, month = {Jun 2005}, pages = {467-478}, publisher = {Elsevier}, abstract = {

A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.

}, issn = {0920-5489}, doi = {10.1016/j.csi.2005.01.005}, author = {Javier Lopez and Jose A. Montenegro and Jose L. Vivas and Eiji Okamoto and Ed Dawson} }