| As a new distribution for Web application development and integration technology, Web services are proposed in recent years, which is based on service-oriented architecture, using XML encoding and Internet protocols for message communication and transmission. Web services represents a more loosely coupled of the distribution structure. However, while Web service gradually become the mainstream of commercial business development technology, service consumers in the process of Web services invocation faces a number of risks. For example, the privacy information of service participants are largely stored in the Web service provider side. Since it is convenience to get information in Internet and the private information in the network can make a big business profits, some private information will be illegal to open or transferred to third parties to benefit from these practices. These are serious violations of the privacy interests of the service participants. Therefore, if there is no reliable Web services security architecture, Web services technology will be difficult to be widely used. It has been an urgent problem to ensure that consumer's private information is protected during the Web service invocation and that service providers fulfill its obligations of protecting privacy data based on the privacy policies.Based on XML signatures, XML encryption, P3P (Platform for Privacy Preferences), and APPEL (A P3P Preference Exchange Language), this paper proposed a kind of Trusted Web Services Invocation Framework (TWSIF), which protects consumer's private information during Web service invocation. In this framework, message transmission security is ensured by the technology of SOAP signature and encryption. Based on the specification of P3P, this paper proposed a Web Services Privacy Policy Model (WSPPM), and based on this model a Web service privacy policy negotiation protocol is proposed, this paper also proposed an agent-based technology, which ensure privacy data security by negotiating between service providers and service consumers to finally reached a agreement of the privacy policy of a service. The main contribution of this paper is as follows:Firstly, this paper proposed Trusted Web Services Invocation Framework, used the privacy protection module to protect the privacy of participants. It adopts digital signature technology to ensure the non-repudiation of both service parties in a legal sense, use of XML signature, XML encryption technology to secure transmission of SOAP messages.Secondly, this paper proposed a privacy policy model for Web services based on P3P, defined which data the provider will protect, why collect the consumer's data, how long will the provider retain these data and how to use these privacy data. It is the legal basis for privacy protection of Web Services.Thirdly, based on the policy candidate sets, a privacy policy negotiation protocol is used to reach an agreement between service provider and service consumer on the use and protection of data privacy by negotiating step by step. This protocol changed the P3P protocol mechanism that only "rejection" or "accept" for a service, it allows service providers to change their own privacy policy to meet user's privacy preferences, and that improve the Web service access rates.Finally, TWSIF is verified, based on bookstore service platform, the TWSIF shows a good privacy protection during the service invocation. |
PDF Full Text Request