Trustworthy Web Services: An Experience-Based Model for Trustworthiness Evaluation

Introduction

The evolution of Internet and Web based technologies energize enterprises to conduct worldwide business transactions with greater ease than before. Various B2C and B2B applications have been developed to provide continuing business services for customers and partners. However, tightly coupled applications only enable enterprises a static business pattern, which cannot fulfill a great deal of diverse demands in today’s fast-moving business environment. How to deliver adapted business services to customers and partners in a timely manner becomes a hot issue for e-business development now. Web service is an emerging solution that aims to support cross-functional integration beyond organizational boundaries. A number of de facto standards including SOAP (Mitra, 2003), WSDL (Chinnici, 2004), UDDI (Bellwood, 2003) and BPEL4WS (Andrew, 2003) are proposed for service communication, description, advertisement and orchestration respectively. By providing a uniform framework to solve the heterogeneity of programming languages and platforms, Web services can help e-business utilize virtual service components to build Web-based enterprises information systems that automate business processes in an inter-enterprise manner. Web services will not only make enterprises be more responsive, efficiency and productivity but also make it easier to conduct B2B e-commerce via standard interface. Gartner Group (Pezzini, 2003) predicts that there are more than 60% of businesses will adopt Web services by 2008. Furthermore, some enterprises have adopted Web services to conduct their businesses among their partners and customers now, for example, Galileo International (Galileo, 2006) and Triple A (Triple A, 2006).

However, delegating a computing task to dynamically found services have to undertake the risk of unknown service providers and unknown services qualities. The uncertainties in such a distributed, loosely organized, flexible and dynamic computing environment will cause a lot of trustworthiness problems including (1) Quality of Service (QoS): What are the service’s availability, reliability, scalability, performance and integrity? From service requesters’ perspective, they care about not only the functionality of a service but also its QoS issues. How can service requesters ensure that a found service will be available and will work reliably? Can a service deliver its functionality consistently under different loading? How does a service rollback its execution state if it fails in the middle? (2) Security of message based communications: How do service requesters and service providers keep confidentialities of transmitted data over secured or unsecured communication channels? They have to prevent classified information from internal and external eavesdropping. How can service requesters and service providers maintain data integrity? All interactions and data exchanging between the service requester and the service provider should comply with some kind of agreements. Any unauthorized modifications may lead to violations of agreements or misunderstanding of original intendment. (3) Management of trust relationships: Can service requesters trust service advertisements? What is the reputation of the corresponding service provider? How to measure the service’s functional and non-functional performances is the key for evaluating the trustworthiness of the service advertisements and the service provider. It is also helpful for both service requesters and service providers to maintain trust relationships among them such that they can have higher confidence in choosing the service provider or service requester based on collected past experiences.