在通用Web服务模型的基础上,提出一种基于SOAP(简单对象访问协议)消息的Web服务综合安全模型.其中增加两个功能模块:Web服务安令平台,用来生成管理密钥对、数字证书和Web服务双方的身份认证;SOAP消息安全代理包,用来保障Web服务消息的安全性.利用现有的工具包对模型进行了实现,并在一个具体的系统平台上对其进行了安全性测试,结果表明对SOAP消息加密成功,同时实现了证书、密钥的发放和管理.保证了Web服务在一个安全的环境中运行.
A new colligation security model of Web services based on SOAP message was designed, and two new function modules were added in the model. Web services security platform (WSSP) which was used to create a pair of manager private key,digital certificate and the authentication of identity; SOAP message security agent (SMSA) was used to ensure the security of Web services message. In the end, we actualized the new model by some tool package which was in existence, and did some security testing for the model in a idiographic system. The result of testing indicated that the SOAP message was encrypted, and the private key and the digital certificate was conferred and managed. It ensured the Web services working in a safety environment.