Research And Implementation Of A Mechanism For SOAP-Based Web Services Secure Communications

With the research of a mechanism for SOAP-based Web Services secure communications, XML Encryption component, XML Signature component and access control component are designed and implemented in this thesis. The security for Web Services communications is improved by integrating and implementing these separate security components. The feasibility of achieving security components is verified by analyzing testing results. Details are as follows:(1) These theories are studied, including Web Services, SOAP, WSDL, UDDI, XML and WS-security standard in this thesis.(2) XML Signature component is designed and implemented combined with binary security token. The component provides integrity, and also authentication, non-repudiation, because the user's identity is included in digital certificates of security token; Combined with WS-Security standard, XML Encryption component is designed which ensures the confidentiality of the SOAP messages; To meet the dynamic and open nature of Web Services, a role-based access control component is designed and implemented combined with the more flexible role-based access control model. The component provides authorization for services and realizes the mapping of users' permission and resources, so the complexity of authorized management is reduced, by making role as intermediaries.(3) The SOAP engine Axis is analyzed in the thesis. Then the XML Signature, XML Encryption and access control components are integrated and implemented in Axis by Handler. The security is tested on the main functions of an Internet Banking system. By analyzing SOAP messages after the safe handling which intercepted by the Axis's tool SOAPMonitor, the security and feasibility of security components are verified.This paper is supported by Shaanxi Natural Science Funds (2006F50) and Aviation Science Funds (06ZC31001).