As a new distributed computing model, Web Service is simple, cross-platform and loosely coupled, so it can easily implement application integration across heterogeneous platforms. Web Service has been widely used in E-business in recent years, and it is especially popular in B2B E-business applications. However, Web Service technology is still immature in many respects; its security, for example, has become one of the main obstacles to its wider adoption. In this article, the author chiefly describes the security system of Web Service, in order to build secure E-business under the Web Service framework.

This article introduces the system architecture, clarifies the protocol layers of Web Service, and stresses its most important specifications: SOAP (Simple Object Access Protocol), which defines the message-passing mechanism between a Web Service and its requesters; WSDL (Web Services Description Language), which describes the ports of a Web Service and how they are accessed; and UDDI (Universal Description, Discovery and Integration), which provides a mechanism for registering service information so that other users on the Internet can conveniently discover and make use of the service.

The security deficiencies of Web Service are then presented, and the characteristics of its security requirements are analyzed at length, for example end-to-end security, transport independence, and element-level security control. To address these characteristics, experts have developed the WS-Security specification, which is also described in detail here. WS-Security uses the SOAP header to carry security information. If XML Signature is used, the header should contain the information defined by XML Signature, which includes the signature method, the key used and the signature value. If some elements use XML Encryption, the header should contain the information defined by XML Encryption.
WS-Security does not restrict the format of XML Encryption or XML Signature; it restricts how information defined by those other standards is embedded. WS-Security is mainly a standard for a container of XML security elements. The SOAP header can hold information such as the call direction, the signature method and the encryption method. Because WS-Security stores all of the security information in the SOAP header of the message, it can provide an end-to-end security solution for Web Service.

This paper shows how to use WS-Security and other methods to embed security mechanisms into SOAP messages, and explains the authentication, signature and encryption features of WS-Security. It also gives a clear idea of how WS-SecurityPolicy is applied in Web Service. In addition, it analyses how to design and implement a SOAP security module, proposes a design approach based on security policy, puts forward a concrete design scheme, and finally uses a simple demonstration application to illustrate the structure and functions of the security mechanism. In the end, the author summarizes the whole article and briefly gives a conclusion on the analysis and outlook for Web Service.
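
The header layout described above, as an added Python example that is not code from the thesis: it parses a constructed, trimmed SOAP 1.1 message and reports which XML Signature and XML Encryption parts the `wsse:Security` header carries, and whether a signature reference points at the Body. The function name `inspect_security_header`, the `Id` values and the placeholder digest and signature values are assumptions; the message is assumed to use the OASIS WSS 1.0 namespaces.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser (e.g. defusedxml)

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed, trimmed sample message; digest and signature values are placeholders.
SAMPLE = f"""<soap:Envelope {XMLNS}>
 <soap:Header><wsse:Security>
  <xenc:ReferenceList><xenc:DataReference URI="#enc-1"/></xenc:ReferenceList>
  <ds:Signature>
   <ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#body-1"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
   <ds:KeyInfo><wsse:SecurityTokenReference/></ds:KeyInfo>
  </ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1"><xenc:EncryptedData Id="enc-1"/></soap:Body>
</soap:Envelope>"""

def inspect_security_header(xml_text):
    """Report which XML Signature / XML Encryption parts the wsse:Security header carries."""
    root = ET.fromstring(xml_text)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return None  # no WS-Security header present in this message
    body = root.find("soap:Body", NS)
    body_id = body.get(f"{{{NS['wsu']}}}Id") if body is not None else None
    report = {"signature": None,
              "encryption_refs": [r.get("URI") for r in sec.iterfind(".//xenc:DataReference", NS)]}
    sig = sec.find("ds:Signature", NS)
    if sig is not None:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        refs = [r.get("URI") for r in sig.iterfind("ds:SignedInfo/ds:Reference", NS)]
        report["signature"] = {
            "method": method.get("Algorithm") if method is not None else None,
            "has_key_info": sig.find("ds:KeyInfo", NS) is not None,
            "has_value": bool(sig.findtext("ds:SignatureValue", "", NS).strip()),
            "covers_body": body_id is not None and f"#{body_id}" in refs,
        }
    return report
```

The function inspects structure only; it does not verify the signature or decrypt anything, which requires a full XML Signature and XML Encryption implementation.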