Privacy-Aware Web Service Composition and Ranking

Service selection is a key issue in the Future Internet, where applications are built by composing services and content offered by different service providers. Most existing service selection schemas only focus on QoS properties of services such as throughput, latency and response time, or on their trust and reputation level. By contrast, the risk of privacy breaches arising from the selection of component services whose privacy policy is not compliant with customers' privacy preferences is largely ignored. In this paper, we propose a novel privacy-preserving Web service composition and selection approach which (i) makes it possible to verify the compliance between users' privacy requirements and providers' privacy policies and (ii) ranks the composite Web services with respect to the privacy level they offer. We demonstrate our approach using a travel agency Web service as an example of service composition.
