| Web service is thought more and more by IT field because of its charm. However, Web service is based on network, its security becomes the most important problem and the focus of the developer and corporation. The existing security mechanisms are not perfect. The expert in IBM Tokyo laboratory bought forward Session Authentication Protocol for Web Service.In the paper, we study carefully the mechanism of Web service, its security and the original protocol, then make some improvements over the original protocol. The improvements mainly cover the operations in Session Management protocol, session secret and the actor of SA, etc. The improvements make the protocol more secure. We also apply the improved protocol to a simulative Web services session communicating environment. Finally, we evaluate the system carefully. The result indicates that the simulative system is able to provide good protection to the session communication among Web services and the improvements are successful and feasible. |