Privacy-Aware Web Service Composition and Ranking

Service selection is a key issue in the Future Internet, where applications are built by composing services and content offered by different service providers. Most existing service selection schemas only focus on QoS properties of services such as throughput, latency and response time, or on their trust and reputation level. By contrast, the risk of privacy breaches arising from the selection of component services whose privacy policy is not compliant with customers' privacy preferences is largely ignored. In this paper, the authors propose a novel privacy-preserving Web service composition and selection approach which i makes it possible to verify the compliance between users' privacy requirements and providers' privacy policies and ii ranks the composite Web services with respect to the privacy level they offer. The authors illustrate their approach using an eCommerce Web service as an example of service composition. Moreover, the authors present a possible Java-based implementation of the proposed approach and present an extension to WS-Policy standard to specify privacy related assertions.

[1]  E. Michael Maximilien,et al.  Toward autonomic web services trust and selection , 2004, ICSOC '04.

[2]  Yinsheng Li,et al.  A Fuzzy Model for Selection of QoS-Aware Web Services , 2006, 2006 IEEE International Conference on e-Business Engineering (ICEBE'06).

[3]  John Mylopoulos,et al.  Hierarchical hippocratic databases with minimal disclosure for virtual organizations , 2006, The VLDB Journal.

[4]  Sebastián Uchitel,et al.  WS-Engineer: A Model-Based Approach to Engineering Web Service Compositions and Choreography , 2007, Test and Analysis of Web Services.

[5]  Ismail Hakki Toroslu,et al.  A Semantic-Based User Privacy Protection Framework for Web Services , 2003, ITWP.

[6]  Ralph L. Keeney,et al.  Book Reviews : Scientific Opportunities and Public Needs: Improv ing Priority Setting and Public Input at the National Institutes of Health. Institute of Medicine. Washington, DC: National Academy Press, 1998, 136 pages, $26.00 , 1998 .

[7]  Barbara Carminati,et al.  Security Conscious Web Service Composition , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[8]  Xiang Fu,et al.  Formal Verification of e-Services and Workflows , 2002, WES.

[9]  Ken Barker,et al.  Quantifying Privacy Violations , 2011, Secure Data Management.

[10]  Michael Mrissa,et al.  Privacy-Aware DaaS Services Composition , 2011, DEXA.

[11]  I. V. Ramakrishnan,et al.  A Framework for Building Privacy-Conscious Composite Web Services , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[12]  Karin Bernsmed,et al.  A Server-side Approach to Privacy Policy Matching , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[13]  Patrick Martin,et al.  Reputation-Enhanced QoS-based Web Services Discovery , 2007, IEEE International Conference on Web Services (ICWS 2007).

[14]  Hyunbo Cho,et al.  On the functional quality of service (FQoS) to discover and compose interoperable web services , 2009, Expert Syst. Appl..

[15]  Chi-Chun Lo,et al.  A Reputation-Based Service Selection Scheme , 2009, 2009 IEEE International Conference on e-Business Engineering.

[16]  Francisco Curbera,et al.  Web Services Business Process Execution Language Version 2.0 , 2007 .

[17]  Barbara Carminati,et al.  A Privacy-Preserving Approach for Web Service Selection and Provisioning , 2011, 2011 IEEE International Conference on Web Services.

[18]  Phongphun Kijsanayothin,et al.  Privacy and Recovery in Composite Web Service Transactions , 2010 .

[19]  Leonor Barroca,et al.  Requirements-Driven Collaborative Choreography Customization , 2009, ICSOC/ServiceWave.

[20]  Nikolay Mehandjiev,et al.  Multi-criteria service recommendation based on user criteria preferences , 2011, RecSys '11.

[21]  Boualem Benatallah,et al.  A Petri Net-based Model for Web Service Composition , 2003, ADC.

[22]  Fred D. Davis Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology , 1989, MIS Q..

[23]  Ken Barker,et al.  A Data Privacy Taxonomy , 2009, BNCOD.

[24]  Chi-Chun Lo,et al.  Fuzzy matchmaking for Web services , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[25]  Ramakrishnan Srikant,et al.  XPref: a preference language for P3P , 2005, Comput. Networks.

[26]  John Mylopoulos,et al.  Security Requirements Engineering: The SI* Modeling Language and the Secure Tropos Methodology , 2010, Advances in Intelligent Information Systems.

[27]  Marc Langheinrich,et al.  The platform for privacy preferences 1.0 (p3p1.0) specification , 2002 .

[28]  Vuong Xuan Tran,et al.  QoS Based Ranking for Web Services: Fuzzy Approaches , 2008, 2008 4th International Conference on Next Generation Web Services Practices.

[29]  Sharon Paradesi,et al.  Integrating Behavioral Trust in Web Service Compositions , 2009, 2009 IEEE International Conference on Web Services.

[30]  Frederick Hirsch,et al.  Web Services Policy 1.5 - Attachment , 2007 .

[31]  Diego Calvanese,et al.  Synthesis of underspecified composite e-services based on automated reasoning , 2004, ICSOC '04.

[32]  Wolfgang Nejdl,et al.  A hybrid approach for efficient Web service composition with end-to-end QoS constraints , 2012, TWEB.

[33]  Munindar P. Singh,et al.  Commitment-Based Service-Oriented Architecture , 2009, Computer.

[34]  Nicola Zannone,et al.  Towards the development of privacy-aware systems , 2009, Inf. Softw. Technol..