Composite Web Security

Web services are modular, self-describing software components that can be invoked over a distributed network. A single transaction can be composed of many individual Web services. Applications published online via WS can be accessed by many different types of systems. Businesses can take advantage of this ease of interoperability to expand the consumption of their online services. Web Service Composition associates web services to create high level business process that absolutely matches and conforms appropriately to the service requestor’s needs. It involves customizing services often by locating, assimilating and deploying elementary services. Currently, composition of web services is done by orchestration. An orchestration is a workflow that combines invocations of individual operations of the web services involved. It is therefore a composition of individual operations, rather than a composition of entire web services.

In service composition, element services may belong to different administrative domains (i.e. services belong to different organizations) and the interactions between services may be carried out through insecure networks. There is also no boundary for accessing the resources and there are many security considerations that have to be taken into account when assessing Web service transactions. This raises the security concerns involved in composite Web services. However, in order to keep the language from complexity, the designers did not take security into account when developing the language. Many researches have been done for filling the gap however, significant improvements are still required to improve the security & privacy of composite web services.