Web服务数据通信安全研究与实现.docVIP

Web服务数据通信安全研究与实现 摘要 随着互联网的飞速发展，信息的分享、获取和发布进入了一个新时代。Web服务解决了传统网络应用程序的分布式对象、中间件技术的相互独立性和紧耦合性，其诸多优点使得不同分布式集成架构的系统可以方便的相互沟通，因而其发展和应用的潜力巨大，但人们在享受Web服务的便利同时，也面临着安全问题。 本文在Web服务安全规范的基础上构建了一种Web服务安全模型，主要工作包括： 1)分析Web服务的技术基础，在充分研究了Web服务安全威胁及Web服务安全技术的基础上，提出了一种比较完整的、基于消息层的Web服务安全解决方案； 2)运用多层架构，将各个复杂的功能抽象成特定的模块，实现了业务和逻辑的相互分离，增强了代码的重用性； 3)详细描述.NET环境下实现Web服务安全的方法，通过监听和对比加密前后的消息，探讨传输的安全性与效率； 关键词：Web服务；Web服务安全；XML签名；XML加密 Web Service Data Communication Security Research and Implementation ABSTRACT With the rapid development of the Internet,information sharing,information access and information release entered a new era.Web services solved the problems of mutual independence and the tightly-coupled of middleware and distributed-object in the web environment of the traditional web applications.Since there are lots of merits in web services,it can make the systems which have different distributed integrated framework communicate with each other conveniently.So,there are great potential for the development and application of web services.However,when we are enjoying the convenience of web services,the security problems are standing out. Based on the Web Services Security Specification, this paper built a web service security model. The major works as follows: 1. By analyzing the technical foundation of web services, reserching on the threat and the related technology of web services, a fairly complete, system message layer based web services security solution is presented. 2. Using the.NET multi-storey structure, abstracting the various functions of the system into specific modules, separating the business logic and business logic, enhancing the reusability of the code. 3. This paper described the.NET web services environment to achieve security approach in detail, and gave some codes of the realization of SOAP message signatures and encryption. Keywords: Web Services;Web Services Security; XML signature; XML encryption 目 录 1 概述 1 1.1课题背景 1 1.1.1 WEB服务及其发展 1 1.