Research And Application Of Web Service Security

With the rapid development of computer network and communication technology, people have more and more time web-surfing, and network security attracts more and more attentions. Service as a new generation of network technology, its loose coupling, Cross-platform and cross-linguistic characteristics have become the favorite of many users and the support of many enterprises. Although the Web has many advantages, but security is more than a matter of concern. Web Service increasingly becomes mainstream technology in the field, but the prerequisite is to resolve its security problems.Currently Web Service technology is still the beginning stages, there are many related technology become the IT industry hot topics, Web service security is the hottest issues. With the trend of the changing dynamics of e-commerce is growing, Web advantages in the IT infrastructure of each layer is becoming increasingly obvious. However, this change in order to be successful, the key is to establish a clear, comprehensive and standardized methodology to ensure that existing Web security.This paper analyzes and studies the encryption and decryption of XML, XML Signature Verification and XML Key Management Specification.Expounded the WS-Security standard, and conducted an in-depth study in access control, Identity Authentication and safely Communication of Web service.Base on the research and summarizing of security elements related to Web service and SOAP security application model, combined with the typical Web service application model and the special security needs based on the Web service application environment we discuss the web service security architecture based on Ws-Security. At the same time based on this architecture, established a Web service security model based on information layer which not only guarantees the confidentiality and integrity of SOAP information also provides end-to-end security and scalability and provides a comprehensive security. Then detailed all parts of this model and carried out the security processor of this model. In the Intelligent Building SOA system, the using security processor in the ticketing module of public information achieves a secure communication results. Thus verifies the security of the security architecture and security model and meets basic safety requirements of the Web service security.