| System information security is becoming a major issue as an increasing number of businesses running their information system over the Internet. Thereby, it is mandatory task to build a reliable security mechanism. Applications could communicate through web service.When data is transmitted through SOAP protocol, solutions like traditional security insurance or only through using firewall is lack the ability of fully meeting the requirements for security of Web Service which has its own characteristics. Thus, to ensure information security, end-to-end message protection methods should be adopted for Web service to ensure information security and make full use of current security token architecture which defined by WS-Security of PKI system, to expend SOAP packages by using digital signature and encryption.This essay will discuss the integration of related information security technologies such as digital certificate, XML Digital Signature and XML Encryption, to possess digital signature on SOAP data packets and to extend the encrypted token information. Practically, WSE plug-in is used to control the authority's policy, which could non-repudiation and selectivity protect part of information as well as custom security policy. Compare with traditional information protection methods and those are without using Web service security mechanism, the leaking of confidential Web Service information fundamentally has been controlled effectively. |
PDF Full Text Request