Research And Application Of Web Services Security

With the rapid development of computer network and information technology, information sharing, information access and information release has entered a new era. Web services have solved the problems of mutual independence and the tightly-coupled of middleware and distributed-object in the Web environment of the traditional Web applications. Since there are lots of merits in Web services, it can make the systems which have different distributed integrated framework communicate with each other conveniently. So, there are great potential for the development and application of Web services. However, when we are enjoying the convenience of Web services, the security problems are standing out. At present, the industry has developed a series of safety-related norms to achieve Web services, which neither guarantee its own security, nor provide a complete security solution.This article first described the current Web Service in terms of security threats and challenges; Then it target at researching and summing up the technology about Authentication, Authorization and Access Control, XML Encryption and SOAP Security Communications and discusses the Web Services Security Architecture. Through analyzing the basic security needs of the Modern Information System which is based on web services mode, simple and easy to solution is designed. Web Services security solutions based on the Web Services Security Specifications. Through implementing the Higher Education Training Program Information Management System to verify the feasibility of the Web Services in security solutions. The main job including:1. Analyzing Web Services technology's foundation and carrying out a thorough study of security threats and Web Services security technology.2. Analyzing the Information System's security needs and traditional solutions based on web services mode. Bringing forward Web Services security solutions that is suitable and easy to implement Information System.3. By implementing the web services of the Higher Education Training Program Information Management System,the method about how to realize Web Service Security under the .Net Framework is described in detail, such as monitoring and comparing the message encrypted with the message unencrypted, validating the integrity of Web Services and its Security. This research projects and its results will have some reference value and good prospects for application, in terms of the Web Services security, particularly for those application systems.