The Research Of Cross-domain Security Communication Mechanism Based On Trust In Web Services

With the continuous development of the Internet technology, Web Services are used in the more and more applications, various types of software based on Web Services have been widely used in enterprises and other government agencies. Features that loosely coupled, language and platform-independent of the Web Services can be a good solution to the cross-platform and a variety of application integration at the same time, security issue in the Web Service has become particularly prominent. In the Web Services, the two sides on the open Internet to communicate are unfamiliar each other, so there are many security issues, such as mutual authentication, data confidentiality and integrity, non-repudiation and access control, trust, empowerment, etc[1]. Therefore, if the Web Services want to get a wide range of applications and development, at the first it is necessary to ensure its security. Current research on security issues in Web Services in the same trust domain has been relatively mature, so the Web Services has been rapid development. But the use of different security services to both sides can communicate normal, authentication, data confidentiality and integrity, nonrepudiation both services in different security domains, is already a problem to be solved in the field of Web Services. So in order to ensure the these features of Web Service to get more practical value in real applications, we have to conduct in-depth research on cross-domain Web Services security technology.In this thesis, through the analysis of existing Web Services infrastructure and security technology, in-depth study of the relevant safety specifications such as WS-Security specification, the XML Encryption specification, the XML Signature specification and the XML Key Management Specification, combined with PKI technology in the X.509digital certificates and the CA trust model concept, the paper proposes a Web Service cross-domain security interaction model based on trust, and service of security interaction between the two sides in the framework of this model to study the Web Services in different security domains. The main idea of the model, the requesting side and the service side conduct a series of safe handling for the SOAP message before the interaction, the petition system and12319systems add authentication/verification of the identity of the processor, encryption/decryption processor signature/verify the signature processor three modules. The processor module configuration file can be added to the Web Service. Request before you send the SOAP message and the recipient in receiving the SOAP message, both sides will first use the Axis engine to intercept message when both sides want to communicate, and then do series of safe handling of re-send the request or response to request service information. When you have a new security requirement, the system can also be added in the configuration file to achieve. Paper cross-domain security interaction model by adding the message processor module embedded in the SOAP message, located in different security domain Web Service communication authentication, confidentiality, integrity and non-repudiation, to ensure that SOAP messages end-to-end safety.