Towards an approach to design and enforce security in web service composition

Modelling and enforcing security requirements is an important but challenging task in web service composition. However, the explicit treatment of security requirements is challenging for many reasons: diversity of security background of involved stakeholders, absence or complexity of notations to express security requirements, complexity of mapping security requirements into security mechanisms and enforcing them at runtime. Existing work often delays considering the security requirements until the implementation and execution. We present an approach to design and enforce security in web service composition. By adopting the proposed approach, security requirements are incorporated during the business process definition and service composition code generation, and enforced at runtime. The proposed approach is supported by a set of tools that allows annotating business processes with security requirements, refining the security annotated business process and enforcing security annotations at execution time. We showcase an illustrative application to demonstrate the proposed approach and developed tools.