Research of SOAP Message Security Model on Web Services - Advanced Research on Computer Education, Simulation and Modeling

Information Technology Reference

In-Depth Information

3 Web Service Security Model Framework of .NET Platform

To ensure the security of Web service, the core is to ensure the security of transmitted

information, the security of SOAP. Encrypt SOAP and having it digitally signature

processed is a way to protect its safety. The appearance of WS-Security standard

offers a good solution to the extension of SOAP information [3], the encryption of

SOAP information, signature and carrying security token. Therefore, this paper put

forward .NET platform-based Web service security model by security mechanism

of .NET platform on the basis of WS-Security specification and extended SOAP

standard protocol. The model is shown in Fig 1.

Fig. 1. Web Service Security Model Framework of .NET Platform

1) The Client adds to SOAP message extended head by encrypt SOAP message and

digital signature;

2) SOAP message with encrypted data can be transmitted to server by any means of

transmission; its security is independent of transmission protocol;

3) Server get the encrypted data from SOAP message to decrypt or digitally

signature them to achieve message integrity, message confidentiality and single

message authentication and other functions;

WS-Security specification describes enhancement function of SOAP messaging.

These functions provide message integrity, message confidentiality, and single

message authentication:

1) Authentication is provided by the security token in SOAP header. WS-Security

specification dose not require the use of any particular type of token. Security tokens

can include Kerberos tickets, X.509 certificate, or a custom binary token;

2) Secure communication is provided through digital signatures to ensure message

integrity, and using XML encryption to ensure message confidentiality;

4 Implementation of Web Service Security Model Based .NET

There are many tools to achieve WS-Security specification, among which WSE (Web

Services Enhancement) of Microsoft is the most excellent one. This chapter uses

WSE2.0 development tool of Microsoft to achieve this security model on message

level.

Search WWH ::

Custom Search

Home