As enterprise informatization develops, enterprises place growing demands on application integration and interoperability. However, the heterogeneity of different application systems makes information exchange and integration between different enterprises or different departments difficult. Worse, it can even lead to information isolation. To address these problems, distributed object technologies such as DCOM, CORBA and RMI emerged, but these technologies are often limited to specific fields and platforms. Web Services, which are based on XML, can solve this problem well.

Compared with traditional techniques used in enterprise applications, Web Services were designed to be open and interactive, and therefore especially need to be protected. Many core security requirements, including authentication, authorization, cryptography, obligation and security management, have been defined, together with some security standards. However, there is no practicable process that satisfies these security requirements and standards. To address this problem, the thesis investigates Web Service security from the viewpoint of end-to-end Enterprise Application Security Integration (EASI) and proposes a security model based on XML Web Services.

Firstly, the thesis briefly describes the application architecture of Web Services and focuses on the core security techniques and the related standards. The thesis explains in detail the fundamental principles of security design for Web Services-based applications, and discusses the following core security technologies: passwords for identity authentication, authorization, responsibility and security management.

Secondly, the thesis presents a security model for Web Services-based enterprise application services, with a logistics system as the prototype. The thesis discusses the security model in detail through the security requirements analysis process, the security function design process, and the security implementation and validation process.

Finally, considering the current state of enterprise applications, and based on the implementation of the security model in a specific Web Services-based logistics system, the thesis sets out the security requirements of the system thoroughly and gives the detailed functional design of the Web Services-based enterprise application security model. The thesis chooses .NET as the platform and discusses the implementation process of the security model in the system. The thesis also validates the effectiveness of the design and implementation of the security model. Results show that the security model is practical (simple and easy to achieve) and flexible (scalable). It could be used as a reference in the construction of secure enterprise application systems based on Web Services.