
Research And Application Of Web Service Security Model Based On RBAC

Posted on: 2011-08-18
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Tang
Full Text: PDF
GTID: 2178360308465548
Subject: Computer application technology
Abstract/Summary:
With the development and application of Internet technology, Web Service has become one of the important aspects of Internet applications. Many organizations and companies related to the Internet have carried out long-term theoretical research on Web Service and have developed fairly mature Web Service products. Service security, as an important component of Web Service, has become a focus for Web Service developers.

This paper reviews the relevant theory of Web Service and further studies Web Service security, especially network security audit, single sign-on and access control policy. The main contributions of this thesis are as follows:

1. It surveys a number of domestic and foreign periodicals and literature on Web Service security, gives an overview of the relevant basic concepts and key technologies, introduces the latest research directions, and analyses the existing problems.

2. On Web Service security, it discusses the Web Service Security Protocol Stack and explains in detail its two most representative specifications, the WS-Security core specification and the WS-Federation specification, laying a theoretical foundation for the proposed RBAC-based Web Service security model.

3. It summarizes RBAC, including its concepts, ideas and features, and explains the workflow and defects of the RBAC/Web security model. It then proposes the RBAC-based Web Service security model, illustrates its model formulation and working process, and analyses the functions and benefits of the security model.

4. For security audit in the RBAC-based Web Service security model, it presents a Web proxy filter model based on IMD. Comparing it with current mainstream filtering technologies, the paper describes the workflow and development details of this filter driver in an experimental environment on the Windows NT platform, and emphasizes its excellent performance in the network security audit of Web Service.

5. For single sign-on in the RBAC-based Web Service security model, it introduces a SAML-based single sign-on model for Web Service. It studies SAML, in particular its communication, conceptual model and assertion forms. The model addresses the problem that users must submit identity authentication information every time they log in to a Web Service website in the trusted cluster. With this model, users log on to Web Service websites using an identity authentication token based on SAML assertions from the federal server in the trusted cluster, without repeatedly submitting identity authentication information.

6. For access control policy in the RBAC-based Web Service security model, it produces an XACML-based RBAC access control policy model, which implements the least privilege principle and the separation of duty principle of RBAC. The paper reviews the basic concepts, concept models and policy decision-making processes of XACML, and proposes this model so that the federal server provides a finer-grained access control policy decision service for the Web Service websites in the trusted cluster.

7. Finally, it applies the RBAC-based Web Service security model to a student information management system built on Web Service, presents the system's overall structure, and gives further details of its feature implementation and workflow.
Keywords/Search Tags:Web Service, RBAC, Access Control Policy, SAML, XACML