Web Services Security Research

With the rapid development of the Internet, information sharing, information access and information release entered a new era. Web services, as a new solution of the distributed application, solved the problems of mutual independence and the tightly-coupled of middleware and distributed-object in the web environment of the traditional web applications. Since there are lots of merits in web services, it can make the systems which have different distributed integrated framework communicate with each other conveniently. So, there are great potential for the development and application of web services. However, the openness and the complexity are the properties of web services, when we are enjoying the convenience of web services, the security problems are attracted extensive attention.To cope with the challenges and the threats to web services, specialists drafted a lot of specifications to protect web services. As one of the specifications, Web Services Security Specification adds a framework to the existing specifications (encryption XML, signature XML and other specifications) to embed these mechanisms into a Simple Object Access Protocol (SOAP) message. But WS-Security Specification doesn't guarantee the security and provide a complete security solution for web services.Based on the Web Services Security Specification and combined with the application of web service security in the project, we discuss the importance of how to guarantee the security of Web Services.The major works as follows:1. By analyzing the technical foundation of web services, researching on the threats and the related technology of web services, a fairly complete, system message layer based web services security solution is presented.2. Using the multi-storey structure in the system of National College Admission Information System and abstracting the various functions of the system into specific modules, it realizes the purpose of separating the business and logic and enhancing the reusability of the code. 3. Combined with the designing of web services, this paper describes the achievement of security approach under the .NET web services environment in detail, and discusses the security and efficiency of transmission by listening in and comparing the differences before and after message encryption.