Research And Application Of The Extensible Security Technologies For Web Service

Web service is a new standard for distributed calculating aiming at dealing with integration and inter-operation of system between different platforms. It has many advantages, such as open standard protocols, high ability to integrate, loose coupling and good packing and so on. Web service is a new generation of application integration and the way to new business mode, and important approach of contact between companies.However, they have challenged the confidentiality and security severely. Because of its openness,"back system"no longer separates from the outside world. In the process of providing important service function for the internet, web service will reveal some valuable data, application program and the system to kinds of external threats. Due to the existence of these threats, the security is the key that the web service has to achieve.Considering the existing security resolving of web service has some problems such as implementing toughly, only supplying spot-to-spot security and incapable selective encrypting, this thesis improve SOAP and UDDI security model and put forward a new method of WSDL security binding based on studying web service foundation theories(the cipher technique) and web service technology. Then, the integrative extensible security model for web service is gained. An on-line shopping system of safety according to this model is developed finally. The main work includes:①The requirement of web service security such as proof of origin, authorization, confidentiality and data integrity is analyzed. The deficiency of existing web service security resolving used often is researched.②Review the web service foundation theories includes symmetrical cipher technique (DES and Rijndael arithmetic) and asymmetrical cipher technique (RSA, DSA arithmetic and digital envelop). The digested technique and digital signature are also analyzed simply.③Systemically investigate the web service protocol stack and its work mode. Introduce SOAP, WSDL, and UDDI technique in detail. Then, present web service technology and its conventional resolving (HTTP identity authentication, SSL, and authentic web service agent based on PKI/PMI).④Besides XML encryption, XML signature technique and SOAP security extensibility are discussed. We improve them and provide a new method of WSDL security binding to implement WSDL extensible security. At last, offer an extensible security integrated model based on above technology. This model satisfies the extensible security of web service and ensures the data secure transport between the client and server.⑤Analyze web service security environment. Apply the extensible security model into the shopping online system and test its security performance. The test result is favorable.