摘要
现有的Web服务安全工具仅提供单个服务的安全策略配置功能,忽略了业务流程层面的安全需求。为此,提出一种面向跨企业多方协同应用的Web服务安全模型,将Web服务安全建模、部署与监控过程,融合到企业业务流程管理过程中。在此基础上构造基于Secure-WSCDL的建模工具、转换工具和监控工具,实现SOA架构下业务模型与安全建模在软件工程生命周期中的同步。通过简化的国际贸易进出口流程实例,验证了该模型与相应工具的有效性。
Web service security tools nowadays provide security configuration functionality at single Web services level,neglecting security requirement from business process layer.A Web service security framework towards multi-party collaboration application is proposed in this paper,which incorporates the enterprise business process management with security processes including security modeling,deployment and monitoring.Corresponding modeling tools,converting tools and monitoring tools based on Secure-WSCDL are constructed,synchronizing business model and security model throughout the entire software engineering lifecycle in SOA architecture.It verifies the effectiveness of the model and the tools by the simplified international trade import and export process instance.
出处
《计算机工程》
CAS
CSCD
2013年第2期55-60,66,共7页
Computer Engineering
基金
国家"十一五"科技支撑计划基金资助重点项目"国际贸易经贸合作与流通促进关键技术研究"(2009BAH46B03)
关键词
WEB服务
Web服务编排描述语言
消息交换模式
Web服务安全策略
Web服务安全联邦
电子商务
Web service
Web Service Choreography Description Language(WS-CDL)
Message Exchange Pattern(MEP)
Web service security policy
Web service security federation
e-commerce
