Access control policy embedded composition algorithm for web services

Requesters invoke web services to accomplish complicated functions. A complicated function should be decomposed into sub-functions, in which each sub-function can be accomplished by a web service. After that, web services are selected to compose a path to accomplish the complicated function. When composing web service paths, secure access of web services should be considered. Current web service access control policies generally protect web services. In our opinion, requesters should also be protected. This paper proposes a two-leveled web service access control policy and embeds the policy in a path composition algorithm. The upper level access control policy protects web services using attributes and credentials to filter out the web services that cannot be invoked by a requester. The lower level policy uses credit level numbers of web services and security level numbers of arguments to evaluate the possibility of leaking the arguments by a web service. In other words, the lower level policy protects requesters. After the two-leveled access control, the composition algorithm composes multiple paths. The requester can select more than one path. He then selects one of them for execution and the others are spare ones that can reduce the effort of path replanning whenever needed.