Web服务是一种完全建立在现有互联网标准之上、松散耦合的、跨语言和平台的应用程序之间通信的标准方法。随着Web服务在电子商务等领域的不断发展,其安全性也越来越显示其重要性。对于基于消息的体系结构,业界已经有一套现成的而且广泛接受的传输层安全机制,比如,安全套接字层(SSL)和网际协议安全(Internet Protocol Security,IPSec),但现有的这些安全机制由于缺少端到端的保护、不可否认性、选择性保护、灵活的认证机制以及消息层的保护,不能在Web服务模型内提供足够的安全性。目前,与Web服务消息安全有关的方法主要有WS-Security规范、XKMS规范、SAML以及SOAP安全扩展-数字签名规范等,这些规范虽然在某些方面实现消息安全,但不能提供一个完整的安全解决方案。 本文在.NET平台的基础上,利用.NET平台的安全机制及WS-Security规范,提出一个.NET平台上的Web服务安全性模型,并给出了实现方法和实例: (1)提出一个.NET平台Web服务安全性模型,此模型基于WS-Security规范并充分利用了.NET的安全机制,具有一定的扩展性和灵活
【英文摘要】 Web Services are a kind of communication specifications between applications. They are entirely built in the current standards of Internet, with the advantage of loose coupling, cross-language and cross-platform. With the development of Web Services in e-commerce and other fields, the security has become increasingly important. As to the structure based on message, the industry has a suit of transport layer security mechanisms, which have widely be accepted, for example, the Secure Sockets
Web services are a completely built on existing Internet standards-based, loosely coupled, cross-language and platform applications standard method of communication between. With the Web services in e-commerce areas such as the continuous development of its security is also increasingly shown its importance. For message-based architecture, the industry has a set of ready-made and widely accepted transport-layer security mechanisms, such as Secure Sockets Layer (SSL) and Internet Protocol Security (Internet Protocol Security, IPSec), but these existing security mechanisms due to the lack of end to end protection, non-repudiation, selective protection, flexible authentication mechanisms, and message-layer protection, Web services model can not provide adequate security. At present, with the Web services message security-related methods are mainly WS-Security specification, XKMS specification, SAML and SOAP Security Extensions - Digital Signature specification, etc. Although in some aspects of these norms to achieve message security, but can not provide a complete security solution program. In this paper. NET platform, based on the use of. NET platform security mechanisms, and WS-Security specification, proposed a. NET platform for Web services security model, and gives methods and examples of the realization: (1) proposed a. NET platform for Web services security model, this model is based on WS-Security specification and make full use of. NET''s security mechanisms, with a certain degree of scalability and flexibility
【English Abstract Web Services are a kind of communication specifications between applications. They are entirely built in the current standards of Internet, with the advantage of loose coupling, cross-language and cross-platform. With the development of Web Services in e - commerce and other fields, the security has become increasingly important. As to the structure based on message, the industry has a suit of transport layer security mechanisms, which have widely be accepted, for example, the Secure Sockets
