The Implementation Of Web Services Security Architecture Based On Trust SOAP

With the development of Web service, it is inevitable to bring security hidden trouble to the information. So its security is becoming more and more important to Web service. Security solution for end to end application is required; it includes encryption, digital signatures, Security management, firewall and so on. SOAP, the basis of Web Service transport protocol, plays an important role in the implementation of Web Services Security.This paper introduces the specification that proposes a standard set of SOAP extensions that can be used when building secure Web services to implement integrity and confidential. We refer to this set of extensions as the "Web Services Security Language" or "WS-Security". WS-Security uses SOAP header to carry security message. If uses XML Signature, this header should embody the message defined of XML Signature, which includes signature methods, using key and signature value. If some elements use XML encryption, the header should embody the message defined of XML Encryption. WS-Security not restricts the format of XML Encryption or XML Signature, but restricts how to embed some message defined by other standards. WS-Security is mostly a standard using XML security elements container. In the SOAP header, message can be used saved the information of call direction, signature method and encryption method. WS-Security saves total security information into SOAP header of the message, so it can provide end to end security solution for security of Web Services.In this thesis we discuss the standard set of SOAP and its security system, and status and limitation existing in current solution of Web Services Security. In this paper, we can learn how to use WS-Security and other methods WSE to embed security mechanism into SOAP message. We can understand identity validate, Signature and Encryption of WS-Security. On the basis of standard, the paper brings forward and analyses the principle of Trust SOAP security system architecture, and expounds the key technology Security Token, XML Encryption and XML Signature of WS Security. Inspired by WS Security design thought, the paper tried to utilizeavailable security technologies to design and realize the WS Security system architecture base on Trust SOAP, and, explains the implementation of every part's function, especially of XML Signature and XML Encryption.