Web Service is a new distributed computing technology, with loose coupling,cross platform and commonality. For the enterprise system integration and thedevelopment of large software projects provides a convenient way. But the Webservice promotion faces many challenges, security issues has become the majorproblems of Web service implement.SOAP is the structure of Web service,the security has become the key toensure the security of Web service. Traditional security mechanisms, can onlyprotect the SOAP information point-to-point security. This article studies Webservice security protocol, constructs a SOAP based Web service security model,combine the Heilongjiang province transportation system for the realization. Themain work includes:1.According to the Web service security problems, analysis shortage of thetraditional security mechanism in solving existing problems, and put forward themain demand of Web service security. Based on the existing Web servicessecurity specification (XML Signature, XML Encryption, SAML, XKMS)research and analysis for the design of security model, lay the foundation.2.According to the Web service security needs,and Combined with theexisting security technologies, design a Web service security model. Thesecurity model combine XML Sgnature, XML Encryption, the timestamp andSAML security technology, ensuring the SOAP information end-to-end security.Realize multiple security domain authentication by the SAML technology.Ensure Web Service confidentiality, integrity, non-repudiation andimplementation of authentication and authorization.3.Combine the Heilongjiang province transportation management system,the security model is applied to a specific project. J2EE platform released theWeb service by XFire Web service engine, and the use of WSS4J for safe handling of statistical query Modular, ensure that the SOAP message end-to-endsecurity transmission. Verify the feasibility by the experimental results. Analysisthe influence on the performance of security attributes by the experimental data. |