The Study of Business Services Application with Integrated Security Model of Web Services

• Main Authors: Kuan-Chieh Wang, 王冠傑
• Other Authors: Chang-Chun Tsai
• Format: Others
• Language: zh-TW
• Published: 2007
• Online Access: http://ndltd.ncl.edu.tw/handle/53252613910607073923

碩士 === 國立成功大學 === 資訊管理研究所 === 95 === Due to the Web Services are provided with the framework features of loosely coupling, crossing over the environment of heterology or the platform, the penetrability of the firewall, and the reusable ability of the components, which make the integration faster than ever in every system of corporations. The Web Services comprise the XML forms of documents such as WSDL, SOAP, UDDI. These documents are all in the forms of clear text, in addition, they describe how to use the information of the Web Services in WSDL. For instance, the beneficial information such as function name, parameter type, return value and so forth, which enable men who are ill-disposed to find a loophole in the Web Services easily, then attack Web Services through the SOAP, and accounted for the acute problems of corporations. With the increasing number of the Web Services set by firms, the assaults against the Web Services will mushroom in the future. Accordingly, how to solve the qualms about the Web Services is always the vital issue which firms focus on. In spite of the security standard of the Web Services has developed, it is not completed in the process of application. In the process of setting the Web Services, corporations cannot understand the whole contour of the security framework clearly, where to put a certain security module into a certain part of the system framework, and the security of the interconnection among systems in components. According to the XML safety measures announced by the organizations of W3C and IETF, and the WS-Security standard designed by Microsoft, IBM and Verisign, this research arranged and analyzed the related information for the backbone of the study, and brought up a set of Web Services Integrated Security Architecture which focused on Web Services Environment security protection. In the procedures of developing Web Services, this research supplied the necessary security modules, used Java to implement the model system, and provided patterns to verify the feasibility and the practicality of this module. Consequently, firms can follow the framework using moderate security components module when developing and integrating the components of the Web Services in the future.