摘要
首先介绍了Web服务的简单模型及当前使用的安全机制中存在的安全性、性能及扩展性方面的问题,然后详细说明了WS Security规范及其开发Web服务的方法,结合Microsoft公司的WSE(Web Service Enhancement)2.0插件在dotnet环境下所生成的具体的SOAP消息示例,完全符合WS Security规范并实现了对消息完整性(Integrity)、消息机密性(Confidentiality)和消息凭据(Credential)的支持,消息事例使用用户名和密码凭据以及X.509证书2种方法;最后讨论了WS Security规范的优点与缺陷,并提出改进措施。
This paper introduces the simple model of Web service, and the problem about security, performance and expansibility in it. And then,explains the WS- Security specification and how to develop the Web service in detail, makes a SOAP example with WSE(Web Service Enhancement)2.0 which produced by Microsoft for dotnet,the example accord with WS- Security specification and implement message integrity,message confidentiality,message credential. It uses UserToken and X. 509 certificate. At last, we discuss the advantages and disadvantages about WS- Security specification, and a proposal is given.
出处
《现代电子技术》
2006年第12期83-84,87,共3页
Modern Electronics Technique