Research of SOAP Message Security Model on Web Services - Advanced Research on Computer Education, Simulation and Modeling

Information Technology Reference

In-Depth Information

The server automatically decrypts the message server. Server first validates the

username/password and then decrypt data by using the username which delivered by

server and the password (WSE automatically obtained from the Windows Active

Directory, or by the overloading the Authenticate Token) it acquired. If failed, it

returns the corresponding mistakes.

The Realization of SOAP Security Based on Role. The authority supports two

security token: Username and Kerberos Token. When the server receives a SOAP

message that signed with security token, WSE check this security token to determine

the identity of the sender. If the check is passed, then create a Windows commission

(Principal) authorization, and award the Token with the Principal attribute. Using

Principal properties, code of Web service can determine whether the given role is

qualified to execute all or part of the Web service method. The code is omitted.

5 Conclusion

In practical use, network complexity, variability and vulnerability of information

system determines the security of Web service is of great significance of information

transmission. To imitate implementation message-level Web service security model

by using WSE, through a calling domain service instance. It gives the implementation

method and data of digital signature, authentication encryption and authorization to

SOAP message, and verifies the result of the experiment, thus ensures the

confidentiality, integrity, non-reputation, authentication and authorization of the

message under Web service environment.

References

1. IBM Corporation and Microsoft Corporation. Security in a web Services world: A Proposed

Architecture and Roadmap-A joint security whitepaper from IBM Corporation (EB/OL)

(2008), http://www-106.ibm.com/developerworks/library/ws-secmap/

2. WIKIPDIA. Public-keycryptography,

http://en.wikipedia.org/wiki/Public-keycryptography

3. Benatallah, B., Casati, F.: Special issue on Web services. Distributed and Parallel

Databases 12(2/3), 115-116 (2010)

4. Freier, A.O., Karlton, P., Kocher, P.C.: The SSL Protocol version3.0, Netscape

Communications [EB/OL],

http://www.wp.netscape.com/eng/ssl3/ssl-toc.html

5. Fensel, D., Bussler, C., Maedche, A.: Semantic web enabled web services. In: Horrocks, I.,

Hendler, J. (eds.) ISWC 2002. LNCS, vol. 2342, pp. 1-2. Springer, Heidelberg (2002)

6. Budak Arpinar, I., Zhang, R., Aleman-Meza, B., et al.: Ontology driven web services

composition platform. Information Systems and E-Business Management 3(2), 175-199

(2009)

Search WWH ::

Custom Search

Home