Secure Service Rating in Federated Software Systems Based on SOA

Abstract

The Service-oriented Architecture (SOA) paradigm mostly provides a suitable approach as to meet the requirements of flexible distributed software systems. Referring to the activities for the standardization of Web Service semantics or alternatively the introduction of intelligent search mechanisms future software architectures are supposed to integrate software components as remote services of foreign providers. If the authors assume that such services can be standardized e.g. as components of standard business application systems the vision of a service economy arises where services of the same type can be marketed by different providers. A service consumer on the other hand could choose the service he likes best at runtime. However, this vision is clouded by a multiplicity of risks which meet each other in the question of the specific reliability and trustworthiness of service providers in a certain context. Previous research activities picked up this problem whereby a lot of promising approaches and frameworks have been developed which concern the negotiation of trust within open network architectures like grids or peer-to-peer networks. Nevertheless, the genesis of the trust relationship between two network nodes has been neglected. This chapter presents an approach for the establishment of reputation in federated software systems where central network instances for the management of evaluations are avoided. In the authors’ approach the service providers are responsible for this task on their own. The authors present a novel security protocol for the message-based exchange of service evaluations that deters service providers from manipulating their own ratings.