With the rapid development of the Internet, enterprises have set up a large number of Internet-oriented Web services in order to reduce development costs and increase resource sharing. The ESB-based service execution platform is built on an SOA architecture; it not only provides communication between the Web services but also provides security for them. Traditional security software is based on the CS (client/server) mode, which does not apply to the ESB-based service execution platform. To ensure that the ESB-based service execution platform provides safe and reliable services, this paper designs and implements a security management service for the ESB-based service execution platform.

The security management service aims to provide security protection for the various Web services on the platform. Only authenticated users can log on to the platform, and only authorized users can access the corresponding resources. The security management service consists of an identity authentication service and an access control service. The identity authentication service is integrated with the staff organizational structure center, which helps the administrator manage user information and create information cards for users. Users log in with an information card and no longer need to enter a username and password, which avoids the risk of password theft; this way of logging in is more convenient and more secure. The access control service is based on the WS-XACML specification and uses a policy language model that supports flexible, fine-grained security policy configuration.

The security management service is implemented as follows. The identity authentication service consists of an Identity Center, a Card Server and a Card Client. The Identity Center is responsible for creating identity information cards for users and distributing the cards to the Card Server; the Card Server is responsible for storing the information cards and allowing users to download them at any time; the Card Client is used to send request messages to the Identity Center to obtain a security token. The access control service consists of a PEP, a PDP and a Policy Editor. The Policy Editor is responsible for editing and creating security policies; the PDP first verifies the user's identity by checking the security token and then processes the request message; the PEP is responsible for converting the request message.

The security management service is deployed on the ESB-based service execution platform as a stand-alone Web service to provide security protection for the other Web services. It has many advantages, such as transparency, visual configuration and high scalability. It has now been successfully applied to the city's central heating system.
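As an added illustration (not code from the paper), the following models the PEP/PDP flow of the access control service described above: the PDP first checks the security token and only then evaluates the PEP-converted request against a simplified XACML-style policy using deny-overrides rule combining. The HMAC token format, the shared key, the policy and the resource names are constructed assumptions.

```python
import hmac
import hashlib
import xml.etree.ElementTree as ET

# Constructed assumption: key shared by the Identity Center and the PDP.
SECRET = b"constructed-demo-key"

def issue_token(user: str) -> str:
    """Stand-in for the Identity Center: the security token is 'user:HMAC(user)'."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"

def verify_token(token: str):
    """PDP step 1: authenticate the caller; returns the user name or None."""
    user, _, mac = token.partition(":")
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return user if mac and hmac.compare_digest(mac, expected) else None

# Constructed, simplified XACML-style policy (rules matched on subject,
# resource and action; "*" is a wildcard; rule combining is deny-overrides).
POLICY_XML = """<Policy RuleCombiningAlgId="deny-overrides">
  <Rule Effect="Permit" Subject="operator" Resource="/heating/status" Action="read"/>
  <Rule Effect="Permit" Subject="admin" Resource="*" Action="*"/>
  <Rule Effect="Deny" Subject="*" Resource="/heating/valve" Action="write"/>
</Policy>"""
POLICY = ET.fromstring(POLICY_XML)

def pep_convert(user: str, resource: str, action: str) -> dict:
    """PEP: translate a Web service call into an XACML-style request context."""
    return {"Subject": user, "Resource": resource, "Action": action}

def pdp_evaluate(token: str, resource: str, action: str) -> str:
    """PDP: authenticate, then evaluate the converted request against POLICY."""
    user = verify_token(token)
    if user is None:
        return "Deny"  # unauthenticated callers never reach policy evaluation
    request = pep_convert(user, resource, action)
    effects = set()
    for rule in POLICY.findall("Rule"):
        if all(rule.get(k) in ("*", v) for k, v in request.items()):
            effects.add(rule.get("Effect"))
    if "Deny" in effects:      # deny-overrides: any matching Deny wins
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"     # no rule matched

def pep_enforce(token: str, resource: str, action: str) -> bool:
    """PEP: only an explicit Permit lets the request through to the service."""
    return pdp_evaluate(token, resource, action) == "Permit"
```

Note that a NotApplicable decision is treated as a refusal by the PEP, so a resource with no matching rule is closed by default.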