Incorporating Security Requirements into Service Composition: From Modelling to Execution
ICSOC-ServiceWave '09 Proceedings of the 7th International Joint Conference on Service-Oriented Computing
Towards an approach to design and enforce security in web service composition
International Journal of Web Engineering and Technology
| Hi-index | 0.00 |
Web Service composition is to construct complex service through combining available services components as request. Service composition often has to handle the security risk that can not be predicted when the service components are developed. This paper presents an Aspect-Oriented (AO) approach to enhance the security of service composition that can not only realize flexible security policies but also accomplish it with very little run-time overhead. The security control is separated from other functional requirements and encapsuled into service extension aspect. And the composition can be extended by weaving the extension at runtime. It also gives the service composer a chance to unify security policy in composed service by specifying appropriate security extension himself. A Web Service eXtension Environment (WSXE) is devised to demonstrate the approach. Finally, an application of performing userdefined access control dynamically at runtime is given to exemplify the dynamic extension to service composition.