| Web Services technology is an emerging technology, which obtained the rapid development in recent several years, and its characteristics of open and loose couple enabled it more convenient to actualize application system integration. But, just these characteristics brought new security issues and became an important factor that affected its deployment. A series of security standards of Web Services had been already published, but these standards were mostly some frame suggestions, respectively pointed. So far, there are still lack of unified definition about Web Services security, and also do not have the systemic security model.The dissertation spread research centreing on Web Services secure model. The main work as follows:[1] Analyzing the research status quo of Web Service secure technology, and introducing the architecture of Web Service, secure standard and relative technologies.[2] Discussing Web Services secure requirements, of which reduce to confidentiality, integrity and non-repudiation. Then analyzing the main factors that affect its security and the shortage of existing secure technologies. We think it is necessary to design a secure model that is compatible with the kinds of security technologies based on existing secure standard.[3] Designing an integrated Web Services secure model, and giving its definition. We explain the model's structure and the principal element, and make a formalization description of its principle, then analyze its security. This model can guarantee the end-to-end security at the level of message, and provides off-line unified identity authentication based on X.509 certificate, and carries on the authorized management to assign roles according to user identity.[4] According to the secure model, we design a prototype system and describe the system compositions, function, and the key algorithm. This system has been applied to campus network environment and implement users identity authentication; secure encryption transmission and users authorization. |
PDF Full Text Request