Constructing Secure Web Service Based on XML
Authors
Abstract
The paper discusses the key XML security technologies related to the security of Web services. Based on these discussions, Web services are integrated with some mature security architectures such as PKI. A new Web service layer security model is proposed, and its characteristics are described. Finally, the paper focuses on the implementation of the security services sub-layer, XKMS, and describes its design methodology, architecture and realization in detail.

1 Introduction

As defined by the World Wide Web Consortium, Web services are: (1) identified by URIs; (2) accessible via standard Web protocols; (3) capable of sending, receiving, and acting on XML-based messages; (4) capable of interacting with applications and programs that are not directly human-driven user interfaces. So XML technology has become a basic architecture in Web applications.

2 Related XML Security Technology [2,3,4]

Related XML security technology is as follows:
(1) XML Signature. It provides a syntax for representing signatures on digital content along with procedures for computing and verifying such signatures.
(2) XML Encryption. SSL always secures the whole document, but with XML encryption you can encrypt only parts of the document.
(3) XKMS. XKMS enables application developers to outsource the processing of key management to trust services accessed through the Internet. These protocols do not require any particular underlying public key infrastructure but are designed to be compatible with such infrastructures.
(4) SAML. It provides a standard way to define user authentication, authorization, entitlements, and profile information in XML documents.
(5) XACML. XACML allows developers to describe access control policies for each XML element or tag (four action types: read, write, create, and delete).
Shaomin Zhang1,2, Baoyi Wang2, Lihua Zhou1

3 Constructing Secure Web Service Layer Model Based on XML

At present, PKI and Kerberos play important roles in solving conventional security threat problems. Based on the idea of integrating Web services with mature security models, a new Web service layer security model is proposed.

3.1 The Web Service Layer Security Model

The structure of the Web service layer security model is shown in Fig. 1.

[Fig. 1. The structure of Web service layer security model]

The model includes three big layers: base layer, security layer and application layer. The base layer provides basic services for the realization of the security layer. The security layer performs various security strategies and measures. The security of the application layer depends on the support of the security layer. Further, the security layer is divided into three sub-layers: secure message sub-layer, secure content sub-layer and secure service sub-layer.

3.2 The Characteristics of the Security Layer Model

The characteristics of the security layer model are as follows:
(1) It integrates many mature security models and reduces the realization risk if a Web service wants to provide secure and dependable service;
(2) It is a discrete layer relationship: we can combine different security components into a specific system to reduce its complexity and cost;
(3) It is a dynamic, developing model. Various security techniques and specifications that have arisen recently can be integrated into it according to its characteristics.

4 The Realization of Secure Service Sub-layer

The secure service sub-layer is driven by XKMS: it places signature processing in a trust server on the Web and simplifies authentication and signature management by separating them from application programs. The function of the secure service sub-layer is shown in Fig. 2. In it, users call the XKMS service through X-KISS and X-KRSS. X-KRSS handles public key registration, escrow service, client/server-side key generation, key revocation, etc., and X-KISS performs key location, key gaining, document encryption, signature verification, overtime, etc. After basic processing in X-KISS and X-KRSS, the operation is committed to the operation transform processing module. The key generation module generates key pairs, and the key operation module performs encryption, decryption, signature and signature verification.

[Fig. 2. The function of secure service sub-layer]

4.1 The Design of Architecture

In practical application, most of the service requests to XKMS access X-KISS and only a few access X-KRSS, so we put X-KISS and X-KRSS on different servers. The architecture is shown in Fig. 3.
Similar resources
Architectural Plan for Constructing Fault Tolerable Workflow Engines Based on Grid Service
In this paper the design and implementation of fault tolerable architecture for scientific workflow engines is presented. The engines are assumed to be implemented as composite web services. Current architectures for workflow engines do not make any considerations for substituting faulty web services with correct ones at run time. The difficulty is to rollback the execution state of the workflo...
Achieving secure and flexible M-services through tickets
Web services via wireless technologies, mobile services (M-services), HTTP, and XML have become important for conducting business. W3C XML Protocol Working Group has been developing standard techniques such as Web Services Description Language (WSDL), simple object access protocol (SOAP), universal description discovery and integration (UDDI). However, at this stage, there is no standard techni...
Secure Information Sharing in a Virtual Multi-Agency Team Environment
This paper proposes a two tier RBAC approach for secure and selective information sharing among virtual multi-agency response team (VMART) and allows expansion of the VMART by admitting new collaborators (government agencies or NGOs) as need arise. A coordinator Web Service for each member agency is proposed.The coordinator Web Service is responsible for authentication, information disseminatio...
JWIG: Yet Another Framework for Maintainable and Secure Web Applications
Although numerous frameworks for web application programming have been developed in recent years, writing web applications remains a challenging task. Guided by a collection of classical design principles, we propose yet another framework. It is based on a simple but flexible server-oriented architecture that coherently supports general aspects of modern web applications, including dynamic XML ...