作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2013, Vol. 39 ›› Issue (2): 55-60. doi: 10.3969/j.issn.1000-3428.2013.02.011

• 软件技术与数据库 • 上一篇    下一篇

面向跨企业多方协同应用的Web服务安全模型

阮 彤,金志超   

  1. (华东理工大学计算机科学与技术系,上海 200237)
  • 收稿日期:2011-12-13 修回日期:2012-02-05 出版日期:2013-02-15 发布日期:2013-02-13
  • 作者简介:阮 彤(1973-),女,副教授、博士,主研方向:软件工程,智能信息处理;金志超,硕士研究生
  • 基金资助:

    国家“十一五”科技支撑计划基金资助重点项目“国际贸易经贸合作与流通促进关键技术研究”(2009BAH46B03)

Web Service Security Model for Cross-enterprise Multiparty Collaboration Application

RUAN Tong, JIN Zhi-chao   

  1. (Department of Computer Science and Technology, East China University of Science and Technology, Shanghai 200237, China)
  • Received:2011-12-13 Revised:2012-02-05 Online:2013-02-15 Published:2013-02-13

摘要: 现有的Web服务安全工具仅提供单个服务的安全策略配置功能,忽略了业务流程层面的安全需求。为此,提出一种面向跨企业多方协同应用的Web服务安全模型,将Web服务安全建模、部署与监控过程,融合到企业业务流程管理过程中。在此基础上构造基于Secure-WSCDL的建模工具、转换工具和监控工具,实现SOA架构下业务模型与安全建模在软件工程生命周期中的同步。通过简化的国际贸易进出口流程实例,验证了该模型与相应工具的有效性。

关键词: Web服务, Web服务编排描述语言, 消息交换模式, Web服务安全策略, Web服务安全联邦, 电子商务

Abstract: Web service security tools nowadays provide security configuration functionality at single Web services level, neglecting security requirement from business process layer. A Web service security framework towards multi-party collaboration application is proposed in this paper, which incorporates the enterprise business process management with security processes including security modeling, deployment and monitoring. Corresponding modeling tools, converting tools and monitoring tools based on Secure-WSCDL are constructed, synchronizing business model and security model throughout the entire software engineering lifecycle in SOA architecture. It verifies the effectiveness of the model and the tools by the simplified international trade import and export process instance.

Key words: Web service, Web Service Choreography Description Language(WS-CDL), Message Exchange Pattern(MEP), Web service security policy, Web service security federation, e-commerce

中图分类号: