Securing Data in Composite Web Services

Abstract

Service-oriented architecture (SOA) provides a solution for building information systems with reusability, flexibility, and extensibility. In SOA, new services can be developed by using existing services. BPEL is considered as the main means for composing services. In service composition, a composite service may be built from element services which belong to different administrative domains. Therefore, in order to exploit the benefits of service composition, we must carefully consider security issues. One of them is to protect users' information. In this paper, we describe an approach for securing BPEL composite Web services. We assume that some users' data received by the composite services needs securing. The proposed approach makes sure that when the data is sent out from the composite service appropriate security policies will be applied.