Web Services, Which is issued in recent years, is a newly Web-oriented development & integration framework for distributed applications. Based on the Services-Oriented Architecture, Web Services uses the Internet's communication protocols and XML to transport messages, and represents a more loosely-coupled distributed application architecture. However, security is a crucial requirement for the Large-scale usage and adoption of Web Services technology.Web Services security problems can be divided into three levels of security: Network Transport Security, SOAP Message Security, and Application-level Security. With the maturity of network security and SOAP message security technologies, more efforts are made to deal with the issues of application-level security, which means security policy design and employment.Based on an analysis of Web Services security Policy and an investigation of the exiting Policy description languages, this thesis Presents a description framework of Ontology-based Web Service Security policy. Thow important aspects of Web Service security policy, access control and privacyare considered. And apply it to e-commerce, Establish a trust relation between service provider and service requester through security policy. In addition consider the problem of exiting trust management, this thesis presents a policy sematic access control turst-based Web Service management system. |