| In recent years, many enterprise applications adopt Web Services to realize their system's loose coupling and integration, which has become the new hot research. It is much important to assure the security of Web Services to make it receive wide application, and security communication is basis of Web Services' security.Web Services communication is based on SOAP which transports from end to end. But the current security solutions are just for point to point communication, end to end security selutions are just specifications. As for adopting what kind of techniques to resolve these problems, there aren't uniform methods. The paper designs a security model based on components to resolve security problems in Web services communication which satisfies security requirements in Web Services communication.According to MVC pattern, adopting current popular programmer language of Java, refering to the idea of Session Facade pattern, and making use of the specialties XML Signature, XML encryption, SOAP security extension, the paper designs security model based on component. Security component mainly adopts SOAP encryption and signature, SOAP verify and decryption, authentication and authorization and distribution of session key and so on. So it has merits of flexibility, reuse, retractility and so on.The paper adopts Apache Axis as SOAP engine, describes process of realization and publication of security model in details, and analyses and validate security model. In the end of the paper it sums up the merits and shortages of the security model, and points to the next working direction and emphasis.
|
PDF Full Text Request