VODCA 2008

Secure Web Service Workflow Execution

Carsten Rudolph a,1
Nicolai Kuntze a,2
Zaharina Velikova a,3

a Fraunhofer Institute for Secure Information Technology (SIT), Darmstadt, Germany

Abstract

In this paper we identify specific security requirements for distributed workflows and provide a decentralized workflow execution mechanism that ensures their satisfaction. With our composition concept we ensure that each web service can access only the information which is needed for the correct execution of the invoked operations and we provide an execution proof of the fulfilled assignments. Our approach relies on a data structure, called process slip, which is passed among the web services participating in the composition.

Keywords: Decentralized workflow execution, security requirement, electronic process slip

1 Introduction

A Workflow Management System (WFMS) is often used to support the automated execution of business processes. Nowadays the World Wide Web provides new opportunities for performing such business processes, namely by deploying different web services. A standard for specifying such workflow processes is the Web Services Business Process Execution Language (WSBPEL) [2], or BPEL for short. A web service workflow can be defined as a set of interacting web services or a web service composition, in which it is determined which web services participate in the process, the order of their interactions and which data is transferred during the process. Web service compositions are used to automate the coordination between participating “partners”, thereby increasing the efficiency of the whole process.

There exist two different types of interaction between the single web services in a workflow:

service orchestration (centralized) refers to those workflows in which there exists one central service that receives the client requests, makes the required data transformations and invokes the component web services.

service choreography (decentralized) refers to the workflows in which there are multiple engines, each executing a composite web service specification (a small

1 Email: carsten.rudolph@sit.fraunhofer.de
2 Email: nicolai.kuntze@sit.fraunhofer.de
3 Email: zaharina.velikova@sit.fraunhofer.de

This paper is electronically published in Electronic Notes in Theoretical Computer Science
URL: www.elsevier.nl/locate/entcs