Abstract
To address the risk posed by the lack of security definitions in resource interactions based on the REpresentational State Transfer (REST) style, a data exchange model for Web resource service systems based on Resource-Oriented Architecture (ROA) is proposed, with a security mechanism added to the interaction model to improve the security of Web resource services. First, by analyzing the security threats that ROA faces during interaction, a ROA-based security interaction model, the RESTful Security Interaction Model (RSIM), is designed from three aspects: interaction entities, interaction flow and interaction security policy. Second, a Web resource service system based on RSIM is implemented by designing appropriate security policies and policy implementation mechanisms. Finally, common business scenarios from power systems are selected to verify the effect of the security interaction model on system security. The experimental results show that the proposed security interaction model can effectively improve the security of Web resource service systems.
Source
Journal of Computer Applications (《计算机应用》)
CSCD
Peking University Core Journal (北大核心)
2015, Issue A02, pp. 160-163, 184 (5 pages)
Keywords
Resource-Oriented Architecture (ROA)
Representational State Transfer (REST)
RESTful
service interaction
security interaction model