| Enterprises are increasingly dependent on the Web-based information systems to support business activities. They must secure their Web Services, and their customer's communications with these applications, from unauthorized access and malicious hacking..Security includes authenticating the machine that is accessing the application, encrypting all communications among the applications, validating the digital signature on the request, routing the incoming requests based on the application that is being accessed, and tracking the requests for subsequent audittrails and logging needs.Because Web Services frequently use common communication protocols to transmit sensitive information, there is a risk of eavesdropping or data tampering. Therefore, authentication, access control and secure transport protocols, along with other measures, are used to make Web Services security.Current security solutions for Web-enabled applications is based on the transport layer., Such as Secure Sockets Layer (SSL) along with the Transport Layer Security (TLS)and IPSec, provide the transient, point-to-point security in a single session.Web services require additional security solution which are not provided by transport layer security. Web services require persistent, end-to-end data confidentiality and integrity, client authorization, and verifiable chains of trust. This type of securities is referred to message-level or application layer securities:If your Web applications rely on multi-step business processes or if you havemultiple machines (such as switches or routers) between the Internet and application, application layer security must retain the data integrity and security of the message of the web application in the multi-step processes and multi-hop enviroments..Application layer security enables your customers to access to the appropriate application based on their authorization.Application layer security provides a mechanism for verifying that a message(such as a purchase order) has not been altered after it has been received and processed.Web Services applications usually process message-level security by themselves, maybe in deference way, which increase the complexity of integration. The purpose of the research is to analyse these security problem and design a security framework WSSP(Web Services Security Proxy). WSSP can secure communication among enterprise applications and its customers. building on other security technology, such as XML encryption, XML Digital Signatures, PKI.The research focus on the security issues in network computing environment, specially, the application layer security over HTTP. By summary the secure challenges in XML-based data exchange and Web service, the author also propose a technical solution for web service security.The author gives a case study of security solutions in real world cross-enterprise cooperation via Web service. The author is response for proposal and system architecture design in first three months; and also response for the implementation of some modules in following months, including WSSP engine, Handler Processor, as well as security policy. |
PDF Full Text Request