摘要
随着Web服务技术与应用的发展 ,Web服务安全问题日益突出 Web服务安全通信要求保证应用层SOAP消息的安全传输 ,而现有的安全传输方案 ,如SSL ,TLS等不适用于应用层的消息安全保护 ,无法满足上述要求 针对Web服务应用模式 ,提出了一种基于XML安全技术的Web服务安全通信机制 ,利用安全会话实现了较高的实体认证安全性和安全通信效率 ,并为此设计和实现了保证应用层SOAP消息安全传输的SOAPSec系统 该机制具有灵活性和可扩展性 。
With the development and application of Web services technologies, some issues of Web services security are increasingly prominent Secure communications for Web services demand secure transport of SOAP messages at application layer However, existing secure transport solutions such as SSL and TLS are not suitable for protecting message security at application layer, and cannot meet this requirement A mechanism for Web services secure communications based on XML security technologies is proposed in terms of Web services application modes Through secure session mechanism, it not only provides the identity authentication functionality with relatively high security level, but also improves the efficiency of secure communications The SOAPSec system is also designed and implemented, which ensures secure transport of SOAP messages at application layer This mechanism has the advantages of flexibility and extensibility, and can meet various requirements of secure communications in typical Web services application scenarios
出处
《计算机研究与发展》
EI
CSCD
北大核心
2004年第4期679-688,共10页
Journal of Computer Research and Development
基金
国家"八六三"高技术研究发展计划基金项目(2 0 0 1AA113 0 3 0
2 0 0 1AA115 110
2 0 0 1AA414 0 2 0)