Fine-grain, end-to-end security for web service compositions

Web service composition introduces two research challenges to end-to-end integrity and confidentiality of information flow. First, component services need the ability to selectively read or modify information flows. Second, component web services may or may not be trusted by all participants in the same degree. Existing specifications such as WS-Security provide fine-grained signatures and encryption for pair-wise interactions, but insufficient support for end-to-end security properties in open environments. Using an electronic prescription application, we illustrate the need for an enhanced framework for providing end-to-end security properties. We then describe a fine-grained, security framework, called WS-FESec, that leverages WS-Security to support flexible preservation of end-to-end integrity and confidentiality in web service compositions. Finally, we discuss WS-FESec's support for the lattice model of secure information flow and show how it can be employed to preserve end-to-end security properties in the electronic prescriptions application.