Research And Implementation On Web Services Security Mechanism

As a new kind of distributed computing model, Web services solve the problem of the data exchange and integration between enterprises. But the openness of the network makes Web services very vulnerable to security threats. The traditional security mechanism only guarantees the Web service the transport layer and network layer data security. Due to the Web service environment of heterogeneous distribution, and dynamic, put forward to a challenge to traditional security access control. In order to satisfy the Web services and access control aspect demand, on confidentiality, integrity, and can't deny sex, identity authentication, access control, papers puts forward a kind of Web service security solutions with all sorts of security technology and safety norms for the foundation. The main work of papers is:(1) Papers analyses the safety technology Web service, gives security issues and security threats of Web service, determines the safety goals of Web services.(2) Through the analysis of existing Web service safety norms and safety technology, this paper presents a relatively complete, based on the news of the Web service security layer solution. This scheme consists of two modules, safety information processing module and access control module. Security information processing module uses the extensibility of the SOAP message to add safety properties to prevent the replay attack, and realize user cross-realm authentication. In safety messages in processing module, uses WS-Security and XML encryption technology encryption the sensitive information in the SOAP message, so as to ensure a SOAP message of confidentiality and integrity of the data. Access control module authorizes decision-making according to the safety attribute information and Web service parameters on the improved framework of XACML access control.(3) The paper designs a series of interceptor according to the Web services safe way, and adds to the Apache CXF engine in the way I can with. Through CXF news in I can with Apache engine configuration encryption interceptor, authorized interceptor, signature interceptor and SAML assertion interceptor to ensure the integrity of the Web services, and to provide the confidentiality and higher levels of identity verification and access control. (4) The paper realizes the interceptors and access control of safety in use of open-source tools WSS4J, SUNXACML and OPENSAML, and the paper analysis the experimental results on safety.