Research On Web Service Security Composition

With the rapid development of internet technology, internet application mode has experienced from web page, web application to web service. However, it is hard for single web service to satisfy current practical application. How to combine current internet services to form new services has become a new research hot in this field.Web service composition is to choose those relative simple but effective web services to form new composition services, which can make good use of existed information resources. The past research demonstrated that web service composition included some key issues, such as dynamic service discovery, complex service implementation, and transaction processing of complex service. However, Service description language with rich semantic information is the key part to solve these problems in the web service composition. Most of current studies focus only on how to combine services. They ignore the security issues in the composition. However, in the composition services, the security issues are very important. As for these problems, this paper analyzes exist security problems in web service and the problems in web service composition. At the same time, it proposes a security web service composition method based on web service security criterion to construct a security web service composition frame work. This Web Service composition method is based on Business Process Execution Language for Web Services (BPEL4WS). It locates web services by forming an abstract work flow. In the composition process, it checks in quality of service (QoS), security capabilities and security constraints and matches compatibility constraints. Then it builds a weighted composition tree (WCT) after having chosen the best available services. Finally according to the whole security evaluation value or the service cost and other parameters, the tree is optimized and the optimal path for users is selected as the composition result. The method is proper for the situation where the service is composed of several other services and there are many security constraints. It introduces the quality and security evaluation standards for web service into web service composition method to ensure the system service quality and safety to satisfy users'requirements. In the paper, it mainly includes the following contents. i) safely expands description of Web service; ii) expresses security information; iii) constructs Security Validate Model (SVP); iv) constructs compatibility matching module; v) designs the establishment and searching arithmetic of the weighted composition tree. Finally, we give an example which describes the above web service security composition method's working process in detail and simulate it.