| Integrated Network Management System (INMS) organizes unified and integrative management for network. Therefore, INMS needs to share management information with element management systems. Distributing object technologies, such as DCOM, CORBA and RMI meet the need, but these technologies are limited in a special field or platform. But Web Service which based on common XML can solve this problem. However, because of incompletion of Web Service technology, Web Service is lack of security infrastructure, so application of Web Service is risky.In order to solve this problem, this thesis research key technologies of Web Service deeply, including XML, SOAP and encryption technologies. The existed criterion of Web Service security– WS-Security is introduced too. The possible security flaws of NMS based on Web Service are also analyzed.After understanding of system security requirement, this thesis design a security mechanism for NMS based on Web Service from aspects of authentication, authorization, encrypted message transmission and security log. Design of security mechanism including:Design authentication mechanism, in method of adding identification authentication element to SOAP head.Solving authorization problems with system based on role and introducing concept of sub-role to solve problem of complex privileges and roles in NMS.Design a simple XML encryption mechanism and using it into SOAP message to make sure transmission security of SOAP.Design security log system for NMS and taking advantage of XML data based feature to solve the problem of incompletion and difficulty in fetching.In foundation of above design, the core structure of two popular SOAP engine and open source are also studied. XML-RPC engine is extended to implement security mechanism designed above. |
PDF Full Text Request