The Simple Object Access Protocol Security Enforced Research Based On Access Control

Posted on: 2005-12-31
Degree: Master
Type: Thesis
Country: China
Candidate: B T Peng
GTID: 2168360152969153
Subject: Computer system architecture
Abstract/Summary:
SOAP (Simple Object Access Protocol) has become increasingly popular in network-based distributed application systems. However, the SOAP protocols define no standard access control security criterion. Different SOAP applications may solve the access control problem in different ways, which easily introduces security problems into application systems. How to implement access control over application resources on top of the SOAP protocol, restrict access to key resources, and avoid the damage caused by intrusion by unlawful users and by mistaken operations by lawful users has become an important research topic in the SOAP field.

Based on a thorough analysis of the current SOAP protocol and of access control, this thesis analyses the key technologies and draws conclusions about SOAP-based access control. On the basis of these conclusions, and combining the specific characteristics of the SOAP protocol with the XML (eXtensible Markup Language) elements and characteristics of SOAP messages, it designs the access control system SFGACS (Fine-Granularity Access Control Based on SOAP), which provides fine-granularity access control. Controlling application resources through SFGACS strengthens the security of those resources and improves the security of the application.

The design principles and basic elements of SFGACS are presented. The framework of SFGACS is then described on the basis of SOAP and access control, and the corresponding algorithm is given. SFGACS includes four parts: the SOAP protocol system, the user authentication system, the certificate system and the authorization filtering system. The SOAP protocol system is responsible for low-level communication, data description and RPC (Remote Procedure Call) calls. The user authentication system is responsible for analyzing certification. The authorization filtering system handles authorization filtering.

The implementation of SFGACS includes the realization of the SOAP protocol and the access control filter. The realization of the SOAP protocol includes SOAP protocol encapsulation, HTTP (Hypertext Transfer Protocol), XML and RPC. The access control filter includes the user database, the transaction database user, the relation database mapping IP to rights, and the authentication engine. Experiments show that, compared with the current SOAP protocol, SFGACS integrated with RBAC can distinctly reduce the security problems of applications.
Keywords/Search Tags:Simple Object Access Protocol, Fine-Granularity Access Control, request message, Remote Procedure Call, Authorization