Research And Implementation Of SOAP Extension-Based Web Services Secure Model

Web services are more and more widely used in applications which are loosely coupled and independent from language and development platform.The Web services facilitates people,however,it is facing a large challenge from security issues.Security issue is not only a major bottleneck restricting the development of Web services,but also a key factor that if Web services could be accepted by the public and popularized widely.Based on the research of Web services and SOAP protocol,a Web Services security model,which is consisted of XML Signature,XML encryption and Time stamp mechanism, is designed and implemented in this paper,the paper also verifies the feasibility of this model by testing and analyses.The specific jobs are as follow:1.Firstly,the Web Services technologies(XML,WSDL,UDDI,SOAP,Web Services protocol stack) are analyzed and researched.Secondly,the hidden problems in transmission mechanism and the threats to Web services are probed into.Thirdly,the safety goals of Web services,the traditional information security technologies,WS-Security specification and the time stamp mechanism are analyzed.2.Based on the research and analysis of the relevant theories,a web services security model based on the SOAP extension is designed and implemented and the model is a combination of XML Encryption,XML Signature and a Trusted Simple Time Stamp mechanism.Data integrity and status non-repudiation could be guaranteed by XML signature.The integrity of the SOAP message could be guaranteed by XML Encryption.The timestamp mechanism can effectively prevent the issue of replay attack in the transmission of SOAP message and also apply the non-repudiation of time.3..NET platform provides a mechanism to extend the SOAP message will have been designed for XML Signature,XML Encryption and time stamp module integrated implementation,and this security model's security is tested on the On-line ticketing system.The feasibility of the security model in the paper is verified by intercepting the Safe handling SOAP message.