Design And Implementation Of Security Component On Data Integration Platform

In order to satisfy the requirement of business data, Data Integration Platform already made the user access the data sources in a kind of transparent way. But this transparent way have a data security problem undoubtedly. Therefore, it's necessary to increase security component to the platform. In addition, the platform used XML as public data model and published to user in web service form, which produced new demands on security technology.In this paper, by analyze the potential safety problems existed in the platform's framework and process, we design concrete solutions using the five security services mentioned in ISO as criteria. Through implement of safety management module and safety control module, we provide the platform with systemic security support in aspect of identity authentication, access control, confidentiality and integrity.Safety management module processes two-double role-based access control (RBAC) to users and data-services. Administrator can configure the data-services'permission by wizards and manage the permission in data-service layer. Meanwhile, by obtain the information of data source, it can configure user name which is used when data-services access the database, which ensure the data security in data-source layer. In addition, management module improves data services'"self-description" characteristic through refreshing the security strategic of data service.Safety control module processes necessary control when the platform communicates with users, following the WS-Security criterion for XML and Web Services features. It includes the identity authentication and access control when user requests web service, which recognize user's identity and permission. Also prevent the result from filch and modify maliciously using XML encryption and signature.In conclusion, we build a complete security system for the platform through these works. It provides comprehensive security protection for both the Data Integration Platform and the data sources. Using identity authentication, access control, encryption and signature technology, it can prevent illegal request and ensure data confidentiality, integrity and no repudiation. It protects data security while data sharing and interacting expediently.