Regulating data exchange in service oriented applications

• Published in: Proceedings of the 2007 international conference on Fundamentals of software engineering pp. 223 - 239
• Main Authors: Lapadula, Alessandro, Pugliese, Rosario, Tiezzi, Francesco
• Format: Conference Proceeding
• Language: English
• Published: Berlin, Heidelberg Springer-Verlag 17.04.2007
• Series: ACM Conferences
• ISBN: 3540756973; 9783540756972
• DOI: 10.5555/1775223.1775238

We define a type system for COWS, a formalism for specifying and combining services, while modelling their dynamic behaviour. Our types permit to express policies constraining data exchanges in terms of sets of service partner names attachable to each single datum. Service programmers explicitly write only the annotations necessary to specify the wanted policies for communicable data, while a type inference system (statically) derives the minimal additional annotations that ensure consistency of services initial configuration. Then, the language dynamic semantics only performs very simple checks to authorize or block communication. We prove that the type system and the operational semantics are sound. As a consequence, we have the following data protection property: services always comply with the policies regulating the exchange of data among interacting services. We illustrate our approach through a simplified but realistic scenario for a service-based electronic marketplace.