Study On E-Business Security Based On SOAP

There are some problems existing in enterprise-spanning,platform difference and data structure difference when exchanging information between enterprise trading partners in B2B E-Commerce Environment.The web service technology based on SOAP communication protocol is a good solution,which has outstanding advantages in integrating E-commerce system, promoting integration of B2B E-commerce and distributed application. However, the security problem of SOAP protocol restricts its development and application in E-commerce. Therefore, it has important signification and application value to research and solve the security problems of SOAP protocol application in E-commerce.SOAP is a communication protocol based on XML technology. The security issues hasn't been considered itself. This thesis will mainly research on the security problems occurred in SOAP application in E-Commerce and their solutions.The research target of this thesis is to find a security model of E-Commerce Application based on SOAP and its implementation method.The thesis will mainly research in following aspects:①Based on SOAP protocol and architecture model of web services research, it will analyze security problems of SOAP application in E-Commerce.②In terms of researching on traditional information security theories and technologies of symmetric key encryption algorithm, public-key encryption algorithm, digital signature and digital certificate,a holistic solution of E-commerce security will be put forward.Then based on a further study on WS-Security, XML Encryption,XML digital signature and so on, a message-level security solution based on SOAP security extension will be found.③A security model of E-Commerce Application based on SOAP protocol will be put forward by cooperating the traditional security technologies with web service security, which follows WS-Security criterion.This model resolves the following security problems of SOAP Protocol:confidentiality,data integrity,irreversibility, identity authentication authorization. It also resolves these problems such as the selectivity of encryption and decryption, digital signature.This security model solves two security problems, first, it resolves the secure transmission and exchange of information by extending SOAP information in security. Secondly, it realizes access control of web service by applying XACML and SAML protocol specifications.④Finally, Taking a typical B2B trade as an example, we will design and realize its prototype system based on .NET platform,which will be tested to verify feasibility and correction of the mode.