Article Preview
TopIntroduction
The Future Internet will be characterized by a new generation of applications built by composing services and data from different providers and organizations in order to provide users with added-value services tailored to their needs. Web services play a key role in realizing this vision because they can be advertised, located, and composed over the Internet using standards like WSDL, UDDI and BPEL, respectively. Typically, Web service composition is represented by a plan consisting of tasks that, at run-time, are instantiated to the actual services satisfying users’ requirements. Due to the increasing number of services available offering similar functionalities, it is hard for users to select an optimal service composition among a list of candidate services that satisfy their needs. Therefore, service selection is a key challenge in the Future Internet.
The literature offers a large amount of work on Web service composition and selection. Most of the existing approaches focus on the identification of optimal Web services among a set of candidates based on constraints on the Quality of Service (QoS) performance of the candidates (Alrifai, Risse, & Nejdl, 2012; Chao & Younas, 2005; Hammond, Keeney, & Raiffa, 2002; Jeong, Cho, & Lee, 2009; Tran & Tsuji, 2008; Wang, Chao, Lo, Huang, & Li, 2006) or on their trust and reputation level (Maximilien & Singh, 2004; Paradesi, Doshi, & Swaika, 2009; Wang, Chao, Lo, Farmer, & Kuo, 2009; Z. Xu, Martin, Powley, & Zulkernine, 2007). To the best of our knowledge, only few works have investigated privacy issues in service selection (Massacci, Mylopoulos, & Zannone, 2006; Squicciarini, Carminati, & Karumanchi, 2011) and composition (Hewett & Kijsanayothin, 2010; Tbahriti et al., 2011; W. Xu, Venkatakrishnan, Sekar, & Ramakrishnan, 2006). Despite the limited effort, privacy plays a major role in Web service composition and selection. The orchestrator usually collects a large amount of personal data about their clients and eventually shares these data with the service providers providing the orchestrated services. This, however, may lead to risks of data misuse. For instance, a service provider may use client data for unlawful purposes. As a consequence, more and more users are considering privacy practices adopted by Web service providers as an important factor for service selection: users will more likely use Web services that customize the service provision based on users’ privacy preferences.
In this paper, we propose an approach to assist both users and Web service providers in composing and selecting optimal services with respect to their privacy preferences. We use AND/OR trees to represent the orchestration schema, component services and their privacy policies. Based on this representation, we present an algorithm that identifies the Web service compositions compliant with user privacy preferences. To help them to select the best Web service composition, our approach ranks admissible composite Web services (i.e., composite services whose privacy policy satisfy user preferences) with respect to their privacy level. The privacy level quantifies the risk of misuse of personal data based on three dimensions: sensitivity, visibility and retention period of information.