Web service technology is receiving increasing attention in the IT field today. Web services are regarded as the integration mechanism for new-generation applications, a path to new business models, and an important means of communication between companies. However, investigation shows that Web service security is the foremost concern of many companies. The security mechanisms of Web services are very complex, so most Web services have to be deployed in a very simple and guarded way. Because Web services use Web technology, many potential attacks aimed at Web sites also apply to Web services. A great deal of business data is carried in SOAP messages, and because XML is used for its concision, instructions and data structures are transformed into a readable format. Security becomes very important because anyone can easily use and tamper with unprotected data. Currently, the three areas in which Web services need to be secured are identity validation/authorization, the transport layer, and the application layer. To address Web service security, the WS-Security specification was put forward by IBM, Microsoft, VeriSign and others. It provides many security models and encryption technologies. However, the WS-Security specification is still under development and much of its content needs to be strengthened; at the same time, it is excessively heavy and complicated for common Web service applications. Many functions in WS-Security cannot yet be used, such as automated policy protocols, and these functions are of no use to most companies. A company should deploy a security mechanism that suitably satisfies its own security requirements. This paper presents a simple security model for Web services. The model is independent of the business logic and makes use of the characteristics of Handler technology for SOAP messages. SOAP messages are encapsulated. The model can provide authorization, XML Digital Signature, and XML Digital Encryption.
A Security Proxy can be established between client and server. The model's distinguishing features are that it is simple, easy to deploy, and independent of the business logic. It basically fulfills the security requirements of privacy, authorization, integrity, authenticity, and non-repudiation. The model can be kept entirely separate from the business logic, and the system is based completely on open source and is very simple compared with the complex systems based on the WS-Security specification. Some simple Web services can be safeguarded by the model.