Secure Web Service Composition with Untrusted Broker

Composite web services are usually coordinated according to a workflow composed of several activities, each carried out by a service. One way to coordinate this cooperation is orchestration, in which the workflow underlying the composite web service is processed by a broker hosting a workflow engine (e.g., a BPEL engine). Under the orchestration paradigm, the broker coordinates the invocation of the services involved in the composition by passing them the needed parameters. In general, all previous proposals for the service orchestration model treat the broker as a trusted entity. As such, they never addressed the fact that the broker is able to access several pieces of sensitive data while routing them between partners. We argue that this data must be protected against improper access and usage by partner services as well as by the broker itself. To cope with these issues, in this paper we propose a protocol based on selective encryption that ensures that both the broker and the partner services can access only the information needed to fulfill their own activities.
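To make the idea concrete, the following is an added Python example (not code from the paper) of the selective-encryption pattern the abstract describes: the client encrypts each workflow parameter under a key held only by the service whose activity consumes it, and the broker receives the routing plan in the clear together with opaque ciphertexts it can forward but not read. Assumptions made here: a two-activity workflow (bank, courier), pre-shared symmetric keys between client and each service (a public-key variant would work the same way), and a stand-in authenticated cipher built from HMAC-SHA256 (keystream in counter mode plus encrypt-then-MAC tag) so the example runs with the standard library only; in practice use a real AEAD such as AES-GCM. The associated data binds each blob to its activity/parameter slot, so a service handed a blob that was not addressed to it fails the tag check instead of recovering plaintext.

```python
"""Selective encryption for an orchestrated workflow with an untrusted broker.

Added example. Stdlib only: the cipher is an encrypt-then-MAC construction
(HMAC-SHA256 keystream in counter mode + HMAC-SHA256 tag) standing in for a
production AEAD such as AES-GCM. Keys and the order data below are constructed.
"""
import hashlib
import hmac
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Return nonce || ciphertext || tag. `aad` is authenticated, not encrypted."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes, aad: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # wrong key, wrong slot, or tampering
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


# Routing plan: the only thing the broker needs, and the only thing it sees in clear.
WORKFLOW = [
    {"activity": "check_credit", "service": "bank", "inputs": ["card"]},
    {"activity": "ship", "service": "courier", "inputs": ["address"]},
]


def client_prepare(order: dict, workflow: list, keys: dict) -> dict:
    """Encrypt each parameter only for the service whose activity consumes it."""
    params = {}
    for step in workflow:
        for name in step["inputs"]:
            aad = f"{step['activity']}:{name}".encode()  # bind blob to its slot
            params[name] = {"for": step["service"],
                            "ct": encrypt(keys[step["service"]], order[name].encode(), aad)}
    return {"routing": workflow, "params": params}


def make_service(name: str, key: bytes):
    """A partner service: decrypts only blobs addressed to it and reports what it used."""
    def handle(activity: str, params: dict) -> str:
        used = []
        for pname, blob in params.items():
            if blob["for"] != name:
                raise PermissionError(f"{name} was handed a parameter meant for {blob['for']}")
            decrypt(key, blob["ct"], f"{activity}:{pname}".encode())  # would raise on misuse
            used.append(pname)
        return f"{name} handled {activity} with {sorted(used)}"
    return handle


def broker_run(envelope: dict, services: dict) -> list:
    """The broker follows the routing plan and forwards opaque blobs; it holds no key."""
    log = []
    for step in envelope["routing"]:
        subset = {n: envelope["params"][n] for n in step["inputs"]}
        log.append((step["activity"], services[step["service"]](step["activity"], subset)))
    return log


def demo() -> dict:
    keys = {"bank": os.urandom(32), "courier": os.urandom(32)}      # constructed
    order = {"card": "4111111111111111", "address": "1 Main St"}   # constructed
    env = client_prepare(order, WORKFLOW, keys)
    results = broker_run(env, {n: make_service(n, k) for n, k in keys.items()})
    # What the broker could learn by inspecting the envelope: no plaintext parameter.
    broker_sees_plaintext = any(order[n].encode() in b["ct"] for n, b in env["params"].items())
    # The courier given the bank's blob (misrouting or a curious partner): tag check fails.
    try:
        decrypt(keys["courier"], env["params"]["card"]["ct"], b"check_credit:card")
        cross_service_leak = True
    except ValueError:
        cross_service_leak = False
    return {"results": results, "broker_sees_plaintext": broker_sees_plaintext,
            "cross_service_leak": cross_service_leak}


if __name__ == "__main__":
    print(demo())
```

The broker still learns the shape of the workflow (which activities exist, which parameter names go to which service), which is exactly the information it needs to do its job; what it loses is the ability to read or silently re-target parameter values, since a blob moved to a different slot or service no longer authenticates.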