MARV - Data Level Confidentiality Protection in BPEL-Based Web Service Compositions

With services technology on the rise, the need for trustworthy and secure data processing emerges. Usually, trust can be established for a data originator and an ultimate data recipient, but what about the data-forwarding parties in between? Especially in inter-organizational service compositions, it may be doubted whether all involved partners share the same level of security, particularly for data they neither generate nor process themselves. In this paper, we focus on the data confidentiality problem in inter-organizational service compositions, propose a solution based on the Web Services and BPEL specifications, and show how this solution can be applied to real-world scenarios.
