In this paper, we have tackled the problem of Web service
composition, focusing on security issues. Five security
requirements, including Confidentiality, Authentication,
Integrity and Non-repudiation, has to be addressed to ensure
the safety of information exchange among trading partners.
Then, a security architecture is depicted. At the transport level,
HTTP Basic Authentication (BASIC-AUTH) and Secure
Socket Layer (SSL) is chosen. SOAP security, which is
composed of digital signatures, encryption, and security
assertions, provides transport-agnostic security measures for
SOAP messages. Focusing on the internal processes within a
company, we describe authorizations to protect resources by
giving appropriate permissions to the accessing entities.
Finally, PKI is discussed in detail.