Capture high-level security requirements in the Software Architecture document and in the system-wide
requirements. The security architect elicits these complex requirements from the project's stakeholders
and captures them in easy-to-understand statements (intents). Document these in general, as well as for
specific elements of the service model and the component model that might be of particular focus.
The reason for the emphasis on intent at this stage is that, when asked about security in a requirements-
gathering session, most stakeholders will respond that "of course, everything must be secure". Asked whether
that means everything is encrypted, audited, and so on, the reply is "oh yes, please". At this point
the security architect explains the implications of such a decision, its cost and its complexity, and the group
starts to have a meaningful discussion about which patterns are relevant to which elements in the architecture.
It is these patterns that express the intent of the system with regard to security, whereas the design-level
patterns express the mechanisms for fulfilling the intent. Finally, implementation patterns express the
technology used to fulfill the intent.