基于SOAP的Web服务安全通信机制的研究与实现-计算机应用技术专业论文.docxVIP

摘要 摘要 论文在研究基于SOAP的Web服务安全通信机制的基础上，设计实现了 XML加密组件、XML签名组件和访问控制组件。通过把这些独立的安全组件在 Axis中集成实现，提高了Web服务通信的安全性。最终，通过对测试结果的分 析，验证了安全组件实现的可行性。具体工作如下t (1)对Web服务及其关键技术SOAP、WSDL、UDDI、XML和WS．Security 规范等进行了研究。 (2)结合二进制安全令牌设计实现了XML签名组件，该组件为消息提供 了完整性，由于安全令牌传输的数字证书代表了用户的身份，签名组件同时还能 提供身份验证和不可否认性；结合WS．Security规范设计实现了XML加密组件， 该组件满足了SOAP消息的机密性：为了适应Web服务动态性和开放性的要求， 论文结合更加灵活的基于角色的访问控制模型，设计实现了基于角色授权的访问 控制组件，该组件能够为服务提供授权，它通过以角色为中介，实现了用户权限 与资源访问的映射，降低了授权管理的复杂度。 (3)对SOAP引擎Axis进行了分析研究，将所设计的安全组件：XML签 名组件、XML加密组件和访问控制组件等，通过Handler在Axis上有机集成并 实现，并以网上银行系统的主要功能对其进行安全性测试。最后通过分析Axis 提供的SOAPMonitor工具截获的安全处理后的消息，验证了论文所设计的安全 组件的安全性和可行性。 本课题来源于陕西省自然科学基金(2006F50)和航空科学基金项目 (06ZC3】001)。 关键词：Web服务，简单对象访问协议，XML签名，XML加密，基于角色的访 问控制  Abstract Research and Implementation of a Mechanism for SOAP—Based ‘％b Services Secure Communications Abstract With the research of a mechanism for SOAP-based W曲Services secure communications，XML Encryption component，XML Signature component and access control component are designed and implemented in this thesis．The security for Web Services communications is improved by integrating and implementing these separate security components．The feasibility of achieving security components is verified by analyzing testing results．Details are as follows： (1)These theories are studied，including Web Services，SOAP,WSDL，UDDI， XML and WS—security standard in this thesis． (2)XML Signature component is designed and implemented combined with binary security token．The component provides integrity,and also authentication， non-repudiation，because the user’s identity is included in digital certificates of security token；Combined with WS—Security standard，XML Encryption component is designed which ensures the confidentiality of the SOAP messages；To meet the dynamic and open nature of Web Services，a role-based access control component is designed and implemented combined with the more flexible role-based access control model．The component provides authorization for services and realizes the mapping of