Service compositions are implemented through the interplay between actors of different organizations. To protect the privacy of a service consumer’s identity data when using specific services, it may be necessary to enable an anonymous service consumption for users. Since service compositions comprise multiple composition types using different communication flows, preserving the privacy of service consumers becomes even more challenging.
In this work, we provide a concept, which ensures an anonymous registration at a service composition system, which enables an anonymous service consumption by ensuring both, protection of identity data against the operator running and maintaining the service composition system as well as against service providers involved in a composite service. If a service provider mandatorily requires identity data of a service consumer to fulfil his business logic, a service consumer is able to grant access to the identity data specifically for this service provider. This concept uses advanced cryptographic mechanisms to ensure privacy protection offering high efficiency regarding the performance on devices with limited computational power as well as high usability to achieve an overall acceptance among service consumers. The feasibility of the proposed solution is demonstrated by an implemented proof-of-concept.