Research And Implementation Of Web Services Composition Security In SOA

With the rapid development of Internet technology,the needs for resource in the World Wide Web is getting stronger than ever before.Web services composition has rendered a very good solution for making good use of software component in the World Wide Web which makes Enterprise Application Integration and dynamically collaborating feasible.Web service composition languages(WSBPEL,BMPL) promise a simple and effective means for application integration,WSBPEL is the upcoming standard for web service composition,however,BPEL dose not support any security mechanism. Security problems had not to be taken in account for simpliness and ease of use when SOAP was proposed.The security problem severely restrict the rapid development of web services composition. So, to propose security model and to establish effective solution is great importance to rapid development of Web Services composition.This thesis first analyzes shortcomings of existed Web Services technologies, and then via deep research of security specification of Web Services compositon, constructs a security architecture of web services compositon.It is mainly sovle two security problems:providing end-to-end secure communication to protect the message`s security and providing access control mechanisms.In order to solve the first problem, this thesis illustrate the composite process of web services based on securitypolicy, then use the composite web services tree denote the all the composte web services. A BEPL document with security informations will be built based on the previous composite web services tree .In order to protect elementary web services`s message security, a security model is constructed.To solve the access control problem, a CWSAC model is designed.Then, based on the previous security architecture,on JAVA EE platform,this thesis implement serveral parts of the architecture by means of IBM RAD and Webphere Application Server. The elementary web service`s security policy can be configured using WAS console to provide signature and encryption.Then ,based on the composite web services tree ,a WSBPEL document will be generated,the BPEL document will be used during the execution of BPEL engine.As for the access control ,a implementation and testing is execute on the CWSAC model.PAP and PDP are deployed as web services.The PAP client provide a graphic interface to invoke the PAP service,then the PDP web service will return the result based on the access control policy established by the web PAP service. The conclusion is that the CWSAC could provide access control mechanism on composite web service after the testing on CWSAC.The pretreatment of composite method can simplify the transaction process when an illegal request arrived at the composite Web service.