With the popularity of the Web Service's application, it's security has become the key factor that constrains its development. How to provide a reasonable and comprehensive secure model to satisfy the special security need for Web Service and direct the development of turbo and all-sided secure platform has became a crucial research field in the area of Web Service.Based on the analysis of attacks on Web Service, the security need aiming at the dynamic and extendable character of Web Service was generalized. The security needs concentrate on five facets: confidentiality, authentication and authorization , integrity and non-repudiation. Combined with these specific requirements of security, correlative techniques was discussed such as data encryption and digital signature.Based on these security techniques, the good and poor facets of some representational secure model were analysised, and the WSISM(Web Service Integrated Secure Model) was promoted. The model inherits the strongpoint of present model such as secure message mechanism, network transportation security and so on. In the mean time, the model overcomes the flaws like difficulties of the Web service's development, poor extensibility and unilateral security consideration.WSISM's main security components include security proxy, security service center, secure network and secure message. To validate the WSISM's design targets, combined with security technology, a prototype system was contrived. The prototype system realizes the key parts of the secure component: authentication center, message secure proxy and access controler. The construction methods of the secure service center, the pivotal steps to realize message secure proxy and the kernel distribution arithmetic in Role Based Access Control were summarized.
|