Ucon-based Web Services Access Control

With the development of information technology, the application of application system based internet is very prevalent in every field and industry. SOA is a very popular topic now. It is an important framing technology of Electronic Commerce. Using this technology, an E-commerce platform could control the services in security and listen their state. Web Services can achieve the union of software services without platform limit and make the software services can't be restricted by transmission protocol. In this condition, Web Services becomes the first choice in SOA.Web Services has the following benefits including suitable to integrate completely different computing systems, fast and cheap to develop and easy to deploy, so it becomes very popular and widely used in many fields in these years. The security of Web Services becomes very important because of its application in E-commerce. One important part of it is access control. A good access control method is one of the important factors to protect Web Services in security.This paper discusses the access control of Web Services. First, it analyzes the characteristics of Web Services, the request of its access control, and compare it with traditional access control models such as DAC and RBAC. Second, it researches the UCON access control model, which is the new generation access control model, and builds a Web Services access control model based on the idea of UCON and the merits of the traditional access control models according to the requirement of the Web Services access control. Then, we design the Web Services access control system module based on this access control model. The access control module has two modules, authentication module and authorization module. The authentication module uses SRP protocol to achieve, and the authorization module uses ABC model to design and achieve. We use Java to achieve the model and use xfire, which is a popular SOAP engine, to control the SOAP message.At last, this paper analyzes and summarizes the result, points out the advantages and the shortage of the access control model, and show what we should do next step.