Study On Access Control Mechanism Of Web Services And Its Composition

According to the advantage of platform independent, loose coupling and opening, Web Services application infrastructure become preferred solution to share enterprise information and integrate enterprise application. Web Services are involved in integration and deployment among different domains, where the access control models and policies are often different. In order to provide access control of Web Services across multi-domain, it is necessary to solve management of federate identity, integration of existing access control policies and trust relationship of different services provider must be solved. The traditional security mechanism can't fulfil these requirements. Thus the study of Web Services security become a hotspot recently, it is also critical factor for Web Services technology popularization.This dissertation focuses on the study of Web Services security of distributed security infrastructure, access control model and identity management.Firstly, a layered principle is used to design a protocol stacks based Web Services Security Framework (WSSF) based on protocol stacks and its logic model and implement model are described in detail. The layered structure enables a system to be modular, opening and effective. It builts up infrastructure of security information sharing and interaction among different layers and reduces the complexity of Web Services system analyzing and designing.Secondly, based on the RBAC96 model and object oriented principle, role based access control model for Web Services (RBACWS) is demonstrated and defined in formalization. The permission assignment mechanism is discussed. Furthermore, the method of defining permission mapping from business process is provided.Thirdly, adopted SOA design principle:, a federated identity management application framework is provided. It improves the interaction of security informationbetween Web Services application through trusting and federating method to capture reference data of user and transaction. An example of federated identity system is also discussed in campus network application. The framework supports distributed management and opening acquirement of the security information effectively. The interactive authority and trust of security policies is fulfilled easily.Fourthly, the visual language Petri net is used in Web Services composition application. Based on Petri net, a model of Web Services composition flow is proposed and defined in formalization. The mapping method between Petri Net model and Web Services Business Process Execution Language is provided. This model supports adaptive Web Services composition among different domain visually. It provides a new method for developing Web Services composition.Finally, based on the above study results, a prototype system in the digital campus is established.