Dynamic access control policies and web-service composition.

Service composition is a fundamental technique for develop- ing web-service applications. In general, a single service is not enough to achieve the user’s goal, rather several services, often from different providers, are composed dynamically to satisfy a request. Ensuring se- curity in such a system is challenging and not supported by most of the security frameworks proposed in current literature. This paper presents a formal model for composing security policies dynamically to cope with changes in requirements or occurrences of events. The model can be used to specify the security policies of web-services and to reason about their composition. We illustrate our approach with a simple example from healthcare services.