Study And Improvement Of An Proxy-Based Web Service Security Model

Web Service is a web application of Based-on XML and a new distributed computing model. Web Service has its own some very good performance, for instance, easy adaptability, loose coupling, opening, independence of platform and language, and so on. That make better dynamic and integration than traditional centralized model, and realize the application integration of Heterogeneous platforms.Web Service Security is gradually becoming a new research direction with the Web Service’s development. Nowdays, lots of network security transmission technology, for instance, SSL, TSL and so on, are transport layer’s security technology, they only can guarantee the point-to-point transmission line’s security. But, the Web Service Security needs is not just like this, it must guarantee the end-to-end message’s security. Now the existing security technology can’t solve these problems.On the basics of deeply researching and analyzing the advantages of proxy-based Web Service Security model, aiming at original model’s disadvantages, thispaper brings forward an improved proxy-based Web Service Security model, and realized the security test and analysis for the imporved model. The major works of this paper are followed.1. Research and study the theory, technology and specification of Web Service and Web Service Security, and analyze the main security problems which the Web Service are faced.2. Study the Proxy-Based Web Service Security model, for lack of the model, put forward the improved model.3. Develop the proxy server based on the improved model, construct the test system with Axis2frame, JDK5.0and jUDDI, hold up the message request and response, analyze the message’s security.4. Further analyze the model’s architecture, compare with the original model, propose the research conclusion, and set forth the Further research directions.Through the testing and analysis, the improved model has the double safety on the message’s layer and the transport layer, and can guarantee security of the whole process of Web Service calling in effect.