The systematic processes exactly define the development cycle and help the development team follow the same development strategies and techniques, thus allowing a continuous improvement in the quality of the developed products. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Grid systems allow us to build very complex information systems with different and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc). With the development of wireless technology and mobile devices, the Grid becomes the perfect candidate for letting mobile users make complex works that add new computational capacity to the Grid. A methodology of development for secure mobile Grid systems is being defined. One of the activities of this methodology is the requirements analysis which is based in reusable use cases. In this paper, we will present a UML-extension for security use cases and Grid use case which capture the behaviour of this kind of systems. A detailed description of all these new use cases defined in the UML extension is necessary, describing the stereotypes, tagged values, constraints and graphical notation. We show an example of how to apply and use this extension for building the diagram of use cases and incorporating common security aspects for this kind of systems. Also, we will see how the diagrams built can be reused in the construction of others diagrams saving time and effort in this task.

Business Processes are considered a crucial issue by many enterprises because they are the key to maintain competitiveness. Moreover, business processes are important for software developers, since they can capture from them the necessary requirements for software design and creation. Besides, business process modeling is the center for conducting and improving how the business is operated. Security is important for business performance, but traditionally, it is considered after the business processes definition. Empirical studies show that, at the business process level, customers, end users, and business analysts are able to express their security needs. In this work, we will present a proposal aimed at integrating security requirements through business process modeling. We will summarize our Business Process Modeling Notation extension for modeling secure business process through Business Process Diagrams, and we will apply this approach to a typical health-care business process.

Web services (WS, hereafter) paradigm has attained such a relevance in both the academic and the industry world that the vision of the Internet has evolved from being considered as a mere repository of data to become the underlying infrastructure on which organizations' strategic business operations are being deployed [1]. Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of the Internet, like IETF, W3C or OASIS, have produced a huge number of WS-based security standards. Despite this spectacular growth, a development process that facilitates the systematic integration of security into all subprocesses of WS-based software development life-cycle does not exist. Eventually, this process should guide WS-based software developers in the specification of WS-based security requirements, the design of WS-based security architectures, and the deployment of the most suitable WS security standards. In this article, we will briefly present a process of this type, named PWSSec (Process for Web Services Security), and the artifacts used during the elicitation activity, which belongs to the subprocess WSSecReq aimed at producing a WS-based security requirement specification.