Dynamic Weaving of Security Aspects in Service Composition

Author

Song, Haitao ; Sun, Yanming ; Yin, Yingyu ; Zheng, Shixiong

Author_Institution

Coll. of Mech. Eng., South China Univ. of Technol., Guangzhou

fYear

2006

fDate

Oct. 2006

Firstpage

189

Lastpage

196

Abstract

Web service composition is to construct complex service through combining available services components as request. Service composition often has to handle the security risk that can not be predicted when the service components are developed. This paper presents an aspect-oriented (AO) approach to enhance the security of service composition that can not only realize flexible security policies but also accomplish it with very little run-time overhead. The security control is separated from other functional requirements and encapsuled into service extension aspect. And the composition can be extended by weaving the extension at runtime. It also gives the service composer a chance to unify security policy in composed service by specifying appropriate security extension himself. A Web service extension environment (WSXE) is devised to demonstrate the approach. Finally, an application of performing user-defined access control dynamically at runtime is given to exemplify the dynamic extension to service composition

Keywords

Web services; authorisation; data encapsulation; formal specification; object-oriented programming; Web service composition; Web service extension environment; aspect-oriented approach; security control; security extension; security policy; security risk; service composition security; Access control; Educational institutions; Mechanical engineering; Printing; Runtime; Search engines; Security; Sun; Weaving; Web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Service-Oriented System Engineering, 2006. SOSE '06. Second IEEE International Workshop

Conference_Location

Shanghai

Print_ISBN

0-7695-2726-4

Type

conf

DOI

10.1109/SOSE.2006.14

Filename

4027137