Abstract
Current Web services architectures are confronted with a few stubborn problems, and the security problem becomes one of the bottlenecks that restrict the extensive application of Web service. After compared transport level with message level security, the limitation of transport level security became clearly. And then on the basis of the analysis message level security, especially WS-Security, XML security protocol was adopted to guarantee message level security. Because WS-Security is a new protocol jointly developed by Microsoft and IBM among these XML security protocols, and a security-token mechanism of WS-Security mechanism was improved, added a table with security-token types. And a new model consisting of multiple security-token is put forward to guarantee the security of message transmission.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Ardagna C, Damiani E, Samarati P, et al. A Web Service Architecture for Enforcing Access Control Policies[J]. Electronic Notes in Theoretical Computer Science, 2006, 142(1):47–62.
Mishra P, Lockhart H, Maler E, et al. SAML[EB/OL]. [2005-09-25]. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security.
Eastlake D, Reagle J. The XML Signature Specification [EB/OL]. [2005-07-10]. http://www.w3.org/Signature.
Reagle J. W3C’s XML Encryption Specification [EB/OL]. [2005-11-09]. http://www.w3.org/Signature.
Kleiner E, Roscoe A. On the Relationship between Web Services Security and Traditional Protocols[J]. Electronic Notes in Theoretical Computer Science. 2006,155(5): 583–603.
Boritz J E, Won G N. Security in XML-Based Finacial Reporting Services on the Internet [J]. Journal of Accounting and Public Policy, 2005,24(1):11–35.
Sun Renke, Xiao Yongquan. The Security Mechanism for Web Service and a Security Model[J]. Computer Applications and Software, 2005,22(6):113–114 (Ch).
Wang Jimei, Jing Lianpu. Research and Resolution on Web Service Security[J]. Computer Applications and Software, 2004,21(2): 92–94(Ch).
Atkinson B, Della-Libera G, Hada S, et al. WS-Security [EB/OL].[2005-04-01]. http://www-128.ibm.com/developerworks/cn/webservices/ws-secure.
Microsoft Corporation. Web Service Security[EB/OL]. [2004-10-01]. http://www.microsoft.com/china/msdn/library/architecture/architecture/architecturetopic/BuildSucApp/BSAAsecmod10.mspx?mfr=true.
Author information
Authors and Affiliations
Corresponding author
Additional information
Foundation item: Supported by the National Natural Science Foundation of China (70571056) and the High Technology Research and Development Program of Hebei Province (04213534, 04213529)
Biography: LIU Zhenpeng(1966–), male, Ph. D. candidate, Professor of Hebei University, research direction: Web service and information security.
Rights and permissions
About this article
Cite this article
Liu, Z., Song, X., Tang, W. et al. A message-level security model consisting of multiple security-tokens mechanism. Wuhan Univ. J. of Nat. Sci. 12, 1–4 (2007). https://doi.org/10.1007/s11859-006-0130-1
Received:
Issue Date:
DOI: https://doi.org/10.1007/s11859-006-0130-1