A Study on Secure Purchase System Using SAML Scheme

• Main Author: 盧振華
• Other Authors: 曹偉駿
• Format: Others
• Language: zh-TW
• Published: 2004
• Online Access: http://ndltd.ncl.edu.tw/handle/73438977611059399206

碩士 === 大葉大學 === 資訊管理學系碩士班 === 92 === Under the trend of pervasive internet practices around the globe and substantially increasing electronic transactions replacing existing telephone and facsimile, the transaction model between enterprises are gradually transferred from EDI to XML mode through internet which makes the cost lower dramatically. However, XML itself cannot meet the internet transaction security characteristics which are authentication, authorization and non-repudiation. Therefore, we have to use SAML security mechanism to protect data safety. For provide Web Service security, except SSL mechanism, there are still having Microsoft Passport and SAML security standards. Since RSA Company has proven the inadequate of SSL security, SSL is not suitable for B2B safety framework. Moreover, confined to Microsoft Passport limitation, which can only support Microsoft platform, Passport cannot provide services to other platforms, such as UNIX, LINUX, PAD and any non-Microsoft transaction platforms. In order to broaden cross-platform applications, this thesis will adopt SAML standard as research basis. OASIS claims that SAML mechanism will be the next generation of e-business transaction security standard. This standard will include the following characteristics: (1) Authentication Assertion (2) Attribute Assertion (3) Authorization Decision Assertion, all of these three characteristics will enhance the XML security framework. In addition, this thesis develops a purchase system combining SAML security mechanism to simulate B2B web services security.