Java web 服务 web 服务安全性状态 毕业论文.docVIP

毕业设计（论文） 英文翻译 年级专业 : 2008级软件工程 姓名 : 学号 : 1322 指导教师 : Java web services: The state of web service security All major web services stacks provide some level of support for WS-Security and related web services security standards. The three open source stacks Ive covered in this series — Apache Axis2, Sun/Oracle Metro, and Apache CXF — all provide a fairly high level of support for these standards. But their support differs significantly in many ways, including both the security operation and how the stacks are configured with run-time security parameters. About this series Web services are a crucial part of Java technologys role in enterprise computing. In this series of articles, XML and web services consultant Dennis Sosnoski covers the major frameworks and technologies that are important to Java developers using web services. Follow the series to stay informed of the latest developments in the field and aware of how you can use them to aid your programming projects. One important area of difference relates to the completeness and correctness of the security implementations. WS-Security and WS-SecurityPolicy allow many variations of security configurations, including different types of keys and certificates, algorithm suites, security tokens, and signing/encrypting specifications. WS-Trust and WS-SecureConversation expand the number of options even further. With so many possible configurations, no web services stack can possibly test them all. Even testing each possible option value in isolation is difficult, and most stacks dont try. In this article, youll first learn more about the issues of security interoperability among web services stacks. Then you see how the Axis2, Metro, and CXF compare on several measures of correctness and usability, based on my research for the last dozen or so articles of this series. Security interoperability Security standards provide far too many combinations of options for comprehensi