Propagation of data protection requirements in multi-stakeholder web services systems

Protecting data in multi-stakeholder Web Services systems is a challenge. Using current Web Services security standards, data might be transmitted under-protected or blindly over-protected when the receivers of the data are not known directly to the sender. This paper presents an approach to aiding collaborative partner services to properly protect each other's data. Each partner derives an adequate protection mechanism for each message it sends based on those of the relevant messages it receives. Our approach improves the message handling mechanisms of Web Services engines to allow for dynamic data protection requirements derivation. A prototype is used to validate the approach and to show the performance gain.