Skip to Main Content
In this paper, we present a framework providing integrity and authentication for secure workflow computation based on BPEL Web service orchestration.Whereas much attention has been dedicated to security issues for Web services, no standard and practical solutions have been provided to secure workflows. In this paper, we address a recent cryptographic tool, aggregate signatures, to validate the orchestration by requiring all partners to sign the result of their computation. Security operations are performed during the orchestration and require no change in the services implementation. We present a prototype implementation for validating linear workflows and we evaluate its performance. We further give a generalization of our basic scheme that can be used to validate generic workflows.