Abstract:
Web Services are at the heart of many Internet-based e-business systems. Security issues in web services are critical for the continuity of the provided services. Solutions such as Role- Based Access Control and Trust-Based Access Control were proposed to address threats to security in single Web Service scenarios. These solutions do not fully provide the required security level in situations related to composite Web Services. We present a new security framework related to composite Web Services and that combines role-based and trust-based access control. We verify the correctness and performance of the proposed framework and show simulation results from a prototype implementation. © 2010 IEEE.