Research And Implementation Of OCSP Service Based On Web Service In E-Government

Chinese government is making great efforts to construct E-Government and has made a great achievement. As an experimental city in information and data construction called by the information industry department and Shandong province, Weihai city spends a lot of money on the E-Government system construction. Public Key Infrastructure system provides the basic infrastructure for the security of E-Government services. As the key entity of PKI, Certificate Authority system faces the main following problem: These government departments usually adopt different technologies and development platforms by different software providers. So there is a problem that these kinds of solutions can't operate with each other.The OCSP service based on PKIX-OCSP (Online Certificate Status Protocol) provides the service of querying certificate status on line according with data issued by the directory server based on Lightweight Directory Access Protocol and CRL(Certificate Revocation List). OCSP service overcomes the localization of CRL to provide the new response of certification's status. As a part of CA system in Weihai's E-Government, OCSP service system must resolve the problem that can't operate mutually across different platform. And the other problem to be resolved is communication obstacle between client and server caused by some firewall software and proxy servers lie between them.To resolve the two problems, it adopts Client/Server mode inthe design of OCSP service system and adopts Web Service technology in implementation of Client and encapsulation of OCSP function of online certificate status checking into Web service. Web Service technology makes OCSP service component and uses UDDI ( Universal Description , Discovery and Integration) protocol to issue it. The OCSP service component can be called through SOAP (Simple Object Access Protocol) and standard network protocols. OCSP service system based on Web Service achieves specialties including: first, OCSP service system can operate across different systems.Second, OCSP server and client part communicate across firewall and proxy server. OCSP service can be located dynamically and used. Then OCSP service and other application can integrate and operate mutually. It is convenient for E-Government system's expansion and upgrade. The reliable Web Service provides a very perfect, dynamic extendable and flexible distribute compute module. Based on this, it will simplify the infrastructure of E-Government services significantly.The paper has four parts as following: The first part summarizes the concept of E-Government and its current development situation. Then we analyze the problems in the E-Government construction's goal which Weihai city faces. This is the background for the research of OCSP. The second part analyzes PKIX-OCSP, and discusses the relative of other certificate issue technique. We achieved a little improvement on OCSP service implement. The third part is about CA system design and implementation and OCSP service implement in detail. The fourth part displays OCSP service application in E-Government and two kinds of test based on Web and client application.The reliable web service platform and component technologyhave become the advanced mainstream technology in E-Government construction. The use of Web Service technique in PKI system development makes services into components. It should have great facilitation to the development of PKI system, especially towards the development direction based on the standard and mutual operation.