Date Added: Jan 2011
The paper shows that information leaks are inherent in object models based on subtyping and inclusion polymorphism. Web services interact with other systems across organizational boundaries using such an object model. In the context of web services, information leaks pose serious security and privacy concerns. A safe web service is one which neither is a source of any information leak nor exploits any information leak. The paper defines properties of such a safety model and proposes mechanisms to enforce the safety requirements. Leaks inherent in the programming paradigm however cannot always be completely masked while keeping the desired interoperability and flexibility of services intact, especially in compositional scenarios.