Skip to Main Content
In this paper, we describe SEWSEC, a Secure Web Service Composer that assists the system designer to secure his composed Web Services. The system designer can use standard tools like BPEL to compose services and configures the security of some exchanged data and internal resources. By abstracting the system to a hierarchy of dependence graphs, SEWSEC applies an Information Flow Control verifying that the configuration ensures an end-to-end security. In case of insecure configuration, SEWSEC helps the designer to modify it and the security code is generated. A use case study on a real system illustrates SEWSEC practical usage, its interoperability with web services standards and its acceptable performance.