Application Research On Single Sign-On In Web Services Security

Web Services is a kind of new distributed computing model. It is the combination correlative technologies such as, XML, SOAP, WSDL and UDDI, etc. Web Services has the characteristics of platform independency and language independency, and its main objective is to construct a technology layer that is independent of platform or programming language on the basis of various kinds of different existing platforms. The applications on all kinds of platform rely on this technology layer to implement the mutual connection and integration, so Web Services creates a kind of open distributed system that makes any enterprise and individual in any place can utilize Web Service and engage in business activities and other various kinds of activities.An end-to-end Security solution is required, so the security problems that Web Services meets in practice have been restricting the development and application of Web Services. Security is a complex problem. It includes authentication, authorization, encryption, decryption, security management and so on. Authentication and authorization is the precondition of utilizing Web Services in a secure and effective way. Therefore it is an important role in designing Web Services security. Single Sign-On (SSO) technology is a sharp weapon to resolve this problem.Current SSO solutions could be easily applied to common web sites'authentication, but they all can't be same with that of Web Services. To the question of current status and reqirement of Web Services security, with the help of Single Sign-On technology, the thesis designed a SSO system based on WS-Security and SAML. WS-Security defines a standard method for appending security information to SOAP message, it also ensures messages'integrality and confidentiality by using XML Signature and XML Encryption, and SAML defines a format for changing authentication, attribute and authorization assertion. The SSO system based on these two specifications provides description of security context, contains wonderful possibilities of security context interoperation between different secure systems, and makes users free of using Web Services in different secure domains. In addition, the part of SSO manager was developed with HTTP module, it makes the system some additional advantage, such as well compatibility, easy deployment, etc.The thesis also describes the implement of the very system, and discusses some performance and security problems which may be encountered in the application for the system and gives the corresponding solutions of these problems.