| In recent years, the Internet has made a rapid progress, and the development of most applications intends to be browser-based thin client applications. Although thin client fails to provide a better interface, it can avoid high costs on release of desktop applications. Webservice appeared, which employs Web technology and component-based technology. It uses standard Internet protocols, such as Hyper Text Transfer Protocol (HTTP) and Extensible Markup Language (XML), to embody the function into Internet and Intranet. Those component-based models such as DCOM, RMI and IIOP rely on a certain object model protocol. Webservice expands these models, so that they can communicate with Simple Object Access Protocol (SOAP) and XML, thus remove the obstacle caused by the certain object model protocol. So Webservice can be viewed as component program on Web.Due to its great advantage and the support of Microsoft, IBM and SUN, Webservice with a variety of functions is sure to pop up in the software market. With its popularity, Webservice security problem is coming out inevitably. Webservice provided by E-bank, E-affair etc. is likely to be the attack and forgery target, consequently, the private information and the confidential data of government will be stolen.In this dissertation, we first introduce the background of Privilege Management Infrastructure (PMI)-based Webservice privilege management model, analyze the necessity of establishing a PMI system, and outline the main works of the author.Secondly, composition, function, trust model and standard of Public Key Infrastructure (PKI) are presented. State of the art of PKI is discussed. The problems of PKI research are also pointed out.Thirdly, definition, composition, access control framework and privilege rules of PMI are introduced. The key contents of attribute certificate and attribute authority are also presented.Finally, a PMI-based scheme to TI Easy Secruity for Webservice is described in detail, including the system design goal, the scheme selection, the architecture and detailed design process. An instance of the system application is given and the characteristic of the PMI-based system is analyzed. At last we summarize the disadvantage of the system and the future work.
|
PDF Full Text Request