摘要
叙述了采用WEB服务方式实现SOA时的标准和模型,重点描述了WEB服务安全所采用的两大技术体制,给出了几种适用的用户身份鉴别机制,并分析了在传输层采用传统的SSL/TLS、IPSec等安全保密机制的不足之处,提出了在消息层实施加密保护的需求和思路。同时文中列举了国外关于WEB服务安全的相关产品的功能和典型配置情况。最后归纳了WEB服务安全技术发展趋势和几个显著特点。
This paper describes the standards and models when SOA is realized by WEB services, emphatically tells of the two major technologies in WEB Services Security, gives several applicable authentication mechanisms of users identity, and analyzes the insufficiency when the traditional security mechanisms such as SSL/TLS, IPSec etc in transport layer are used, proposes the demands and ideas of encryption in message layer. At the same time, this paper cites the functions and typical configurations of foreign WEB services security-related products. Finally, a few development trends and prominent features of the technologies in WEB Services Security are discussed.
出处
《信息安全与通信保密》
2009年第8期159-161,共3页
Information Security and Communications Privacy
