《基于wse30web服务安全性的研究及其在数字化校园平台中实现(1)》由会员分享,可在线阅读,更多相关《基于wse30web服务安全性的研究及其在数字化校园平台中实现(1)(66页珍藏版)》请在金锄头文库上搜索。
1、目录2.把基于角色访问控制应用到 Web服务的授权访问上,结合原有的客户系统,以 Web服务方式建立了角色访问控制模型,实现了 Web服务方法级别的访问控制,细化了访问控制的粒度。3.构建了基于 Windows 2003 Server的校园 CA,以用户申请,CA颁发的方式提供SOAP消息签名加密的证书,通过较成熟的 SSL技术保证了证书的安全传递,也减轻了证书生成分发的工作量。4.深入研究了 WSE3.0的签名加密原理及其签名加密结果的表示形式,通过 URI定位签名对象及加密值的方法,减少了数据的冗余,提高了消息传输率。本文基于 WSE3.0策略扩展的 Web服务安全解决方案已经应用到广西师
2、范大学学分制收费管理信息系统的建设中,较好地解决了 Web服务身份认证、访问控制及消息的签名加密问题。实践证明,该方案具有较高的安全执行效率,较好的安全性、可维护性及扩展性,具有一定应用参考价值。关键词:Web服务安全,WS-Security,WSE3.0,策略,RBACII目录Research on Web Services Security Based on WSE3.0 andImplementation of Digital Campus Security PlatformName: Cao Xiaoling; Tutor: Prof.Zhang Chaoying; Specialit
3、y: Computer Software and Theory;Research Direction: Database Application; Grade: 2006AbstractWeb Service technology is widely used in the project of constructing Digital Campus withits loosely coupled, platform- independent and language- independent. Its a good solution to theproblem of campus data
4、integration between heterogeneous systems. The campus dataintegration system based on Web services is running on the LAN with less security problem, butconsidering the perspective of development, information construction of school wont just beconfined to the campus network, so the Web Service is a p
5、otential security problem that can notbe ignored. Web Service is also widely used in E-commerce and E-government areas; moreover,it will be extended to the Internet Environment, which increases the application of the border.The security issues will become increasingly prominent, which will be the re
6、striction of thedevelopment of Web Service. Therefore, providing credible Web Services has become the key tothe promotion of Web Services application.Traditional Web Services security solutions depend on the transport layer securityprotection of SSL/TLS program. SSL/TLS is a security protection prog
7、ram based on the HTTPprotocol with more mature technology, but it also has its limitations, for example, theperformance of low, no end-to-end message level security. The mainstream of the currentsolution is to use the scalability ofSOAP, adding elements of identity authentication andauthorization to
8、 the SOAP Header, and integrating the sophisticated security technology (such asXML Signature, XML Encryptio n, PKI, X. 509) of signing and encrypting the SOAP message tomeet the needs of authentication, integrity, confidentiality, protection of security needs. But suchmethod is lack of unified stan
9、dards and unconducive to the compatibility between systems.Therefore, the major computer organizations are committed to study and formulate the relevantstandards and specifications. The production of WS-Security and other specifications based onWS-* is one of the important achievements. The organiza
10、tions also give the technical support ofthe corresponding products. Microsofts WSE3.0 is one of the strong competitive products andhas advantage on providing methods of Web Services Security development. Many scholars andresearchers ha ve given security solutions based on WSE3.0 policy framework and
11、 try to applythem to the actual environment. However, researches on these security solutions are still in theIII目录low- level stage, have no breakthrough in the framework of WSE3.0 and lack of flexibility toprotect the different Web services security. They are not suitable for more complex Web Servic
12、eapplications. In this paper, the shorts of those existed security solutions based on the WSE3.0 isanalyzed, a scheme of selective signature and encryption is designed, combining with theWSE3.0 framework, a new model based on expansion strategy of WSE3.0 is provided. Itsdifferent from those solution
13、s that rely on different Web Service methods, setting up a commonsecurity model for SOAP message, reducing the workload of the development. The bright spotsof the model are Service- level Web Service access control based on RBAC and the design ofelement-level protection to the SOAP Message with opti
14、onal signature and encryption. Thedesign achieves the goal of providing both service and client security in the digital campusenvironment.The main task of this paper is as follows:1. Taking full advantage of the scalability of WSE3.0 and independence of strategyimplementation and strategy mechanism,
15、 combining with the use of an external file independentof Web services methods to describe the encryption and signature demands, givingimplementation of part of SOAP Encryption and Signature to the SOAP body of the message andSOAP security protection in multi-point cooperation environment.2. The application of role-based access control to Web Service on the authorized access,combined with existed security protection of client. We set up a role-based access control modelbased on Web s
