Research On Structural Model Of Web Services Security

Web Services is a new standard for distributed computing, which provides a kind of servicesoriented architecture-SOA. It's really distributed, loose coupling, independent of the positions ofservices provider and consumer, and independent of platforms. It's suitable in communicationsacross firewall boundaries, enterprise application integration, B2B integration and software reuse.However, the security problems that Web Services meets in practice have been restrictingthe development and application of Web Services. Security is a complex problem. Commonmechanisms for secure communications, such as SSL/TLS, IPSec and so on, are suitable forprotecting data security at transport layer or network layer, but can not meet special securityrequirements of SOAP communications. Thus they are unable to ensure the security of WebServices communications. Security solution for end-to-end application is required. It includesencryption, digital Signature, security management and so on. Current studies of Web Servicesfocus on how to build a unified security solution.This paper analyzes SOAP, UDDI, WSDL used in Web Services, then researches XMLsecurity and Web Services security systematically, including security specifications, existingtechnologies and the latest progress. XML Signature defines the processing rules and syntax towrap message integrity, message authentication and non-repudiation. XML Encryptionspecification addresses the issue of data confidentiality using encryption techniques. XKMSspecifies protocols for distributing and registering public keys, which is suitable for use inconjunction with XML Signature and XML Encryption.This paper analyzes five security requirements of Web Services.They are confidentiality,integrity, authentication, authorization and non-repudiation. After the introductions of transportsecurity technology and application security technology, this paper thoroughly analyzes thesecurity guarantees they can provide.WS-Security makes use of the XML Signature and XML Encryption specifications anddefines how to include digital Signature, message digests and encrypted data in a SOAP message.This paper makes some improvement of WS-Security theoretically, combines Diffie-Hellman andTCP handshake mechanism, and proposes a kind of method which can realize multipleencryptions and multiple signatures.This paper proposes a secure data mutual model based on RSA anthentication technology,which can guarantee secure transmission of the data between client and server.This paper constructs a Web Services security model by combining these technologies,which can ensure the confidentiality, integrity, non-repudiation, authentication and authorizationof SOAP message. Besides this we discuss its security capabilities according to the securityrequirements.This paper analyzes Web Services security environment, including of Web ServicesEnhancements and Web Services security namespace, implements a secured Web Servicesexample based on WSE.It fulfills the requirements of confidentiality, integrity andnon-repudiation.