| Web Service,based on Web protocol and XML standard,provided a systematic and extensible framework for enterprise applications. With the development of Web service in the area of E-Business,its security is becoming more and more important. SOAP,the basis of Web Service transport protocol,plays an important role in the implementation of Web Service security. Inspired by SOAP design thought,we tried to utilize available security technologies to design a SOAP security model and then implement it.First we define the five security requirements of SOAP;they are confident,integrity,non-repudiation,authentication and authorization. After the introductions of transport security technology and application security technology,we thoroughly analyzed the security guarantees they can provide and their defects. We constructed a SOAP security model by combining these technologies,and further,we discussed its security capabilities according to the security requirements.In this thesis we focused more on the implementation of application security. We implemented an XML security component with EJB,with this we extended the XML process technology and formed a new XML process model. To make SOAP engine support application security,we analyzed the mechanism of SOAP engine,and design a series of Handlers related with XML security. By careful configuration of Handler chain,we bound the component and SOAP engine together seamlessly. Finally we introduced how to configure transport securityIn the final chapter,we summarized the security model and its shortcomings. Also we proposed some problems to be analyzed and solved in further work. We also introduced two Web Service security specification draft in industry,which represent the future of Web Service security. We believe with the improvement of Web Service security,Web Service will become more applicable in industry. |
PDF Full Text Request