Research Of Web Service Security Based On XML

With internet’s fast progress，application of Web Services that based on XML technologybecome more and more widely. In this case, there are a lot of Web services which have thesame or similar functions, but their QOS may be very different, some safety degree is high,and some have risks. As information security is so important today, research on Web servicessecurity technology is becoming more and more important. The security of many technologywas studied from different angle of Web services, such as XML encryption, digital signature,SOAP protocol security, access control framework and so on, and which has made manyachievements, but for the present，research on Web services security technology are reflectedin the establishment of some Web services security model to enhance the the security service,and the research on comprehensive evaluation of Web services security attributes are less andless. Therefore, study on the Web service security integrated evaluation based on userpreference has great theoretical and practical significance. How to find one of the most Webservices to meet the preferences of the user security attributes from the candidate Webservices，it also involves a multiple attribute decision making problems.Based on the traditional system architecture of Web Services, the function of the Webservices architecture is extended, namely the security assessment centre module. On this basis,we use security protocol analysis tools CASPER to analyse protocol vulnerability, IBMRational AppScan to analyse vulnerability of service, and collect the relevant data with userfeedback and questionnaire survey methods, based on the collected data of candidate Webservices, then we can filter services，execute quantification of different types of data., and setcalculation preference weight according to the requirements of user preferences. Here, thisarticle has carried on the analysis by common synthesis evaluation method of Web service,innovative uses two methods to evaluate the Web services security attributes, namely the useof standard value method combining the strategy of multiple attribute decision making Topsis algorithm for comprehensive evaluation, and the use of a ranking mechanism strategycombined with the Topsis algorithm into the comprehensive evaluation method. This paperdescribes two kinds of methods from the corresponding experimental verification, finally itproved the validity and accuracy of the two kinds of evaluation methods.