Research And Application Of Web Services Security

As a kind of newly arisen technique, the Web Services technique want to be accepted by the large number of enterprise customer, which must resolve the security problem. The security problem is very important, which requires network can offer a kind safety solution of end to end, such as the mechanism about encryption, the mechanism about signature, the management about security, the control about accessing, firewall, defending virus protection,etc. This paper introduces some basic knowledge and technique about security, researches foundation theories relating with security and the mode about applying SOAP. The point of this paper is to introduce the WS-Security. Combining typical Web Services application mode with the special safety demand of web services' application environment, we put forward a solution base on security technical WS-Security norm, design the web services security structure of the speech information collection and release system.The aim of WS-Security norm is to make the applying procedure can set up the mechanism of safe SOAP message exchange, guarantee the SOAP message's confidentiality, integrality and no deny. But it doesn't provide the complete safety solution. On the contrary, it is just a kind constitute, can make function with other web services expanding or higher class particular applying procedure, to adapt various security modes and encryption techniques. The WS-Security defines a SOAP head element which can take relating data in security. The WS-Security does not specify the signature or encryption format, but specifies how to add other norm defined information into SOAP messages.Successful web services security solution can make use of safety mechanism of delivering layer and applying layer at the same time to set a security function. web services should require a set of declaration provided by incoming news (for example, name, key, permission, function, etc). If the message arrived with no declaration which is essential, service will neglect or refuse it. This is the security model's principal part advanced in this paper.This paper puts forward a set of safety correspondence solution base on web services typical application mode which includes direct trust of using primarily user/password, direct trust of using security certificate, acquisition of the security certificate, security certificate of signing, this four-part cent. According to the differentsafety demands of the applying mode in each web services, this solution guarantees SOAP messages security end to end between the Consuming Application and Service Provider, insures messages confidentiality , integrality , usability and source attestation, provides face entity attestation mechanism between parties' double correspondence.According the application of web services security in the speech information collection and release system, this paper explains the security system in this web structure and function mechanism. At the same time, according the xml signature and encryption to pass the X.509 certificate, it realizes three safety demands: authentication, integrity, confidentiality.Finally, we summary this paper, simply analysis and outlook the Web Services security application.