Soap-based Web Service Security Model And Implementation,

With the development of the Internet, information interchange among companies is more and more frequent. But the traditional distributed technology such as DCOM,CORBA,RMI is very Heterogeneous, so the information interchange among companies becames very hard. Instead, the distributed middleware based on XML, Web Service, can integrate the data from different platforms very well. At the same time, it can solve the problems metioned in traditional technology very well. But Web Service technology is not perfect, especially that the SOAP protocol is so easy and so open. It makes that the Web Service has great security hidden trouble and the application of Web Service is limited. Aming at this problem, it is researched on the secure rule of Web Service, especially on the secure rule of information interchange and secure rule of Web Service itself.First, this thesis made a research on the architecture of Web Service, analyzing the secure state and secure requirement of Web Service from many angles. Indicating that SOAP protocol is the basis of Web Service technology and the security of SOAP message is the basis of Web Service secure. According to the WS-Security criterion, we adopt XML encryption and XML digital signature to insure the confidentiality,integration and indeniable of SOAP message. So we can insure the security of SOAP message. Second, We adopt the access rule based on role to control the security of Web Service according to the requirement of Web Service secure access. We build a model to solve the problem of Web Service security—"Web Service secure model based on SOAP message". In this model, SOAP message interchange and transfer are secure, the middle node of transferring message is not necessarily reliable.And the security is based on point to point security, it can reduce the realizing requirement. The web secure system using this model can provide all kinds of secure services including user certification,message encryption/decryption,digital signature/certification and access control and so on. At last, from the companies respective, we adopt WSE 3.0 to realize"Web Service secure model based on SOAP message"using groupware design. WSE 3.0 mainly adopts policy configuration to insure Web Service security. This policy is convenient to manage and realize. And it is compatible with WSE 2.0 and supports the next generation Web Service(Indigo)technology. Using WSE 3.0, we can design different solutions according to security application environment. It can help the extension of Web Service technology in some degree.