IEEE International Conference on Web Services (ICWS'05) (2005)
July 11, 2005 to July 15, 2005
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICWS.2005.126
Anis Charfi , Darmstadt University of Technology
Mira Mezini , Darmstadt University of Technology
Web service composition languages promise a cheap and effective means for application integration over the Internet as in typical B2B interaction scenarios. BPEL is the upcoming standard for web service composition and several implementations of it are already available. However, for web service composition languages to keep their promises it is essential to provide more support for security. Companies will embrace web service composition languages only if their requirements of confidentiality, integrity, authentication, etc. are fulfilled. In this paper, we look at security in web services compositions and present a framework for securing BPEL compositions using WS-Security and WS-Policy. The main components of our framework are the process container implemented by a set of aspects in AO4BPEL, an aspectoriented extension to BPEL, the security service and the deployment descriptor. We also introduce the notion of policy-based process deployment to check the compatibility of the security policies of the composition and its partners at deployment time.
A. Charfi and M. Mezini, "Using Aspects for Security Engineering of Web Service Compositions," IEEE International Conference on Web Services (ICWS'05)(ICWS), Orlando, Florida, 2005, pp. 59-66.