Composite services are services which are built upon other services, such that when the composite service runs, it calls those other services. In order to be able to call those other services, composite services either have to run within a single trust domain or the composite service must include access control mechanisms to enable authentication with services in other domains. Restricting a composite service to operate within a single trust domain limits the scope and applicability of such a service, whilst including access control mechanisms increases the complexity of the complex service. Additionally, where either the service called by the composite service changes, or the access control details change, it is necessary to update the composite service.
The embodiments described below are not limited to implementations which solve any or all of the disadvantages of known composite services or composite service systems.