| 基于规范的Web服务安全 |
| |
| 引用本文: | 楚西岳,韩元杰.基于规范的Web服务安全[J].现代电子技术,2006,29(12):83-84,87. |
| |
| 作者姓名: | 楚西岳 韩元杰 |
| |
| 作者单位: | 桂林电子工业学院,广西,桂林,541004 |
| |
| 摘 要: | 首先介绍了Web服务的简单模型及当前使用的安全机制中存在的安全性、性能及扩展性方面的问题,然后详细说明了WS Security规范及其开发Web服务的方法,结合Microsoft公司的WSE(Web Service Enhancement)2.0插件在dotnet环境下所生成的具体的SOAP消息示例,完全符合WS Security规范并实现了对消息完整性(Integrity)、消息机密性(Confidentiality)和消息凭据(Credential)的支持,消息事例使用用户名和密码凭据以及X.509证书2种方法;最后讨论了WS Security规范的优点与缺陷,并提出改进措施。
|
| 关 键 词: | Web服务 WS-Security 信息安全 SOAP |
| 文章编号: | 1004-373X(2006)12-083-02 |
| 收稿时间: | 2005-12-16 |
| 修稿时间: | 2005-12-16 |
Secure Web Service Based on Specification |
| |
| CHU Xiyue,HAN Yuanjie.Secure Web Service Based on Specification[J].Modern Electronic Technique,2006,29(12):83-84,87. |
| |
| Authors: | CHU Xiyue HAN Yuanjie |
| |
| Affiliation: | Guilin University of Electronic Technology, Guilin, 541004, China |
| |
| Abstract: | This paper introduces the simple model of Web service,and the problem about security,performance and expansibility in it.And then,explains the WSSecurity specification and how to develop the Web service in detail,makes a SOAP example with WSE(Web Service Enhancement)2.0 which produced by Microsoft for dotnet,the example accord with WSSecurity specification and implement message integrity,message confidentiality,message credential.It uses UserToken and X.509 certificate.At last,we discuss the advantages and disadvantages about WSSecurity specification,and a proposal is given. |
| |
| Keywords: | Web service WSSecurity information security SOAP |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
