On-demand information sharing, flexible cooperation, and seamless application integration have given birth to Service-Oriented architecture (SOA). While SOA has brought convenience to information sharing, application integration and cooperative computing, new security problems such as priviledge delegation control have been introduced, which cannot be tackled by traditional identity-based security mechanism. For large-scale SOA application and deployment, a new security solution tailored to this environment has become an urgent requirement.Targeting SOA implementations based on Web Services, this thesis analyzed its security demand, introduced the credential element, designed a credential-based security framework CSFS (Credential-based Security Framework for SOA), studied credential distributed management under this framework, described the framework's implementation from application mode and kernel services implementation such as policy, credential and security evaluation and decision-making, and carried out a case study and performance test.The final result of this thesis show that CSFS can effectively enforce SOA envorionment's security and the performance overhead is not heavy. |