Research Of Dynamic Access Control Model In Service-Oriented Computing

Posted on: 2012-08-07
Degree: Master
Type: Thesis
Country: China
Candidate: J Yang
GTID: 2178330332490135
Subject: Computer application technology

Abstract/Summary:
With the wide application of the Internet and the rapid development of Web Services technology, a new distributed computing model, Service-Oriented Computing, has attracted more and more attention from computer academia and industry. Service-Oriented Computing is based on Web Services: services and their combinations, spread across distributed network nodes, are connected and collaborate through the Internet. It enables the interaction and integration of dynamic, heterogeneous applications and improves the agility and interoperability of application systems. However, as Service-Oriented Computing has become widely used, network information security has faced major challenges. In Service-Oriented Computing, the security of Web Services and composite Web Services has become the bottleneck restricting its further development. The security problems mainly involve five aspects: consistency, integrity, confidentiality, authentication and access control. Among them, identity authentication and access control are the two most important security factors. Identity authentication is a prerequisite for access control: it establishes the service requestor's identity in order to prevent impersonation attacks and replay attacks, and provides a secure foundation for access to Web service resources. Access control prevents intrusion by illegitimate users and unauthorized access to protected service resources by legitimate users, and improves data security in the Service-Oriented Computing environment. However, because of poor flexibility, difficulty of extension and other shortcomings, traditional authentication mechanisms and access control models are not well adapted to a dynamic, heterogeneous, distributed environment. This paper presents an intensive study of the characteristics and security problems of Service-Oriented Computing.

Firstly, based on an analysis of the security requirements, the service security specifications (WS-Security, SAML, XACML and so on) and the related technology, we studied existing authentication mechanisms and access control models and pointed out their deficiencies. A new security solution is therefore needed to meet the demands of the dynamic and heterogeneous Service-Oriented Computing environment.

Then, after studying the characteristics of cross-domain access to Web Services in the Service-Oriented Computing environment, a SAML-based dynamic cross-domain authentication mechanism was proposed. The mechanism uses SAML assertions to describe identity authentication and attribute information and to provide a portable trust relationship. It can authenticate services from foreign domains and achieve single sign-on, adapting to the dynamic, heterogeneous, distributed environment. Furthermore, it provides a secure fast path for access control.

Next, to address the access control problems of elementary services and composite services in Service-Oriented Computing, and after comprehensively considering the role-based and attribute-based access control models, this paper puts forward a dynamic access control model for composite Web Services (CWSDAC). The model uses the attributes of each elementary service in a composite Web Service as the basis for authorization, defines the attributes of elementary services and composite services, and introduces time characteristics and the context environment. It achieves more flexible, dynamic, fine-grained cross-domain access control over service resources.

Finally, the security model was designed and implemented. The authentication model was designed based on SAML. In the CWSDAC model, access control policies are described in XACML, and an access control framework is proposed. The paper then analyzes the authentication and access control process in detail with an example, and implements part of the code.
Keywords/Search Tags: Service-Oriented Computing, Web Services security, composite Web Services, identity authentication, access control