Improving Privacy in Data Service Composition

Abstract

Today, the de-facto standard mechanism for data service providers to share their services is through web-service interfaces; clients invoke the service through request messages and receive the data as payloads in the corresponding response messages. Typically, clients need information beyond what any single provider offers; in such cases, multiple data services must be composed to provide a complete solution meeting the client needs. The term 'data-service composition' refers to a unified interface that delivers to the client the data it needs in response to a single request message, as if it were available withing a single source. Data-service composition is useful and convenient for the requesting client, but raises privacy concerns since a participating data-service provider potentially can infer information about the data held by other providers. In this paper, we propose a data-service composition method that relies on a mediator for the communication between any two service providers, ensures that the mediator is strictly following the data-composition plan, and maintains privacy between the mediator and service providers. The data service provider first authenticates that the input data is coming from the correct source as per the composition plan, and this is done whilst ensuring complete privacy between the mediator and other service providers. Similarly, data service providers also authenticate the destination of their output data. The approach is validated and its performance evaluated using a real world online retail dataset. © 2013 IEEE.