基于SAML和XACML实现安全的Web服务（Implementing secure Web services based on SAML and XACML）.doc

基于SAML和XACML实现安全的Web服务（Implementing secure Web services based on SAML and XACML） This article is contributed by wanbin225 Pdf documents may experience poor browsing on the WAP side. It is recommended that you first select TXT, or download the source file to the local view. Application Security Implementing secure Web services based on SAML and XACML Shen Wenyi Yao Shijun Department of Electronic Science The PLA Information Engineering University Henan 450001 China Abstract: This paper introduces two kinds of important normative programming Web Services Security: Security Assertion Markup Language (SAML) and Extensible Access Control Markup Language (SAML), and presents a combination of the two language specification security model and example. Key words: SAML; XACML; Web service security; single sign on 0 Introduction One of the important features of WS is that they can be easily accessed because they use generic protocols and data formats such as HTTP and XML. But such convenience means a threat to the security of the service. The WS is likely to expose valuable data and the entire system structure to the outside world as it announces its key capabilities. In fact, the access control methods used by the current WS are no different from the methods used in Web pages. However, WS has much higher security requirements, and its security needs are diverse. Therefore, it is necessary to design a universal access control model for different WS; in addition, there is an urgent need to be able to transparently access protected applications, services, and resources across systems. For example, a login, identity transparency, and rapid conversion of a user in a portal site, user community, and business service using different login mechanisms are implemented. In order to solve the above problems, this paper proposes a security model based on SAML and XACML, not only to achieve the access control, and the user does not need to provide a tedious proof of identity, can transpare