The Service-Oriented Architecture (SOA) is considered as the most promising paradigm over the last few years for delivering functionalities and allowing business cooperation. In SOA, the traditional vision of security aims to keep properties such as availability, authenticity and confidentiality by protecting the web service itself. However, in such an approach, the particularities of the human interaction in regard to the behaviors of the service stakeholders have been until now based only on trust. In this article, we present an approach based on machine readable contracts and evidences for improving the traditional web service-centered security. Similarly, the usefulness of this approach in context of semi-automatic auditing and risk management is discussed.
contract, evidences, model, service, SOA, trust