基于SOAP的Web服务访问控制设计与实现-计算机软件与理论专业论文.docxVIP

ABSTRACT Web Services is component which is based on Internet and distributed module, a new platform which can establish the distribute application procedure to operate with each other. Web services being new generations distribute type technique, because its characteristic of loosen-coupling, cross-platform and cross-language, it has already received more likes and the supports of many business enterprises. Web services have not only many advantages, but also the security problems that Web Services meet in practice have been restricting the development and application of Web Services.Only relying on traditionary secure transport solution, such as SSL and TLS, cannot meet security requirement of Web Services.So there need add message security to ensure the security of SOAP message that is the kernel of Web Services. The encryption, authentication and authorization of SOAP specification have been widely focused on message security since SOAP specification was released. By far it has achieved many successful examples and gave many good implementation mechanisms in the encryption and certification. But the privilege for web services has no many researchs and the methods of design and implementation because having no importance on it .In the thesis, advance the research for the techique of SOAP-based access control of Web services. In order to achieve the research purpose, the main work of this thesis is following： First know the basic principle and many tactics of access control, research the access control of web services、security theory and security model thoroughly.Based on the security model for Web services and NIST RBAC/Web model,design the SOAPs extension-based security model for Web services.In the thesis, research and design the WS-RBAC model mainly, apply the model by an instance of commodity information management in electronic commerce, and validate its feasibility and preciseness. Keywords：Web services; Access control; SOAP; Security model