Web-based e-commerce solutions (2)

Source: Internet
Author: User

The basic idea of a unified security services architecture is to move the complexity of the system's security architecture into a single, so-called unified Security Service layer, so that the rest of the system does not have to take on any security responsibilities of its own.

In the unified security architecture, a single server implements the unified Security Service: all security algorithms live there, and it is the only place where authentication for the defined domain takes place. This gives the unified authentication/registration method another advantage: even if a user interacts with many different secured components within a domain, only one login is required. The unified Security Service itself may be a Web service, which makes it easy for the other subsystems to integrate its security functions.

The party to be authenticated first calls the unified Security Service to request an identity ID that identifies it within a particular domain. To obtain this ID it must first present correct authentication information, which can take several forms: a simple username/password, a certificate, or another method. The unified Security Service uses the underlying security infrastructure to verify the user's credentials before issuing the identity ID.

The specific process is as follows:

1: The party to be authenticated sends a login request to the unified Security Service
2: The unified Security Service returns an identity ID for the authenticated party
3: The authenticated party sends the application request together with the identity ID to the application server
4: The application server sends the identity ID to the unified Security Service for authentication and authorization checking
5: The unified Security Service returns the authentication result and the authorization decision
6: The application server makes its specific response based on the information returned.
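The six-step flow above, as an added Python simulation (not code from the page): one security service issues an identity ID at login and the application servers accept or reject requests only on the service's verdict. The domain name, user, password and roles are constructed; the identity ID is an opaque session handle that expires after ten minutes.

```python
import hashlib, os, secrets, time
# Constructed example: one security service per domain issues an identity ID at
# login; application servers validate the ID by calling the service back.
def hash_pw(password, salt=None):
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UnifiedSecurityService:
    def __init__(self, domain, users):
        self.domain = domain        # the ID is only meaningful inside this domain
        self._users = users         # {username: (salted pbkdf2 hash, set(roles))}
        self._sessions = {}         # identity ID -> (username, expiry time)

    def login(self, username, password):
        """Steps 1-2: check credentials, return a fresh identity ID or None."""
        rec = self._users.get(username)
        if rec is None or not secrets.compare_digest(rec[0], hash_pw(password, rec[0][:16])):
            return None
        identity_id = secrets.token_urlsafe(24)   # unguessable, not derived from the user
        self._sessions[identity_id] = (username, time.time() + 600)
        return identity_id

    def check(self, identity_id, required_role):
        """Steps 4-5: authenticate the ID and return the authorization verdict."""
        sess = self._sessions.get(identity_id)
        if sess is None or sess[1] < time.time():
            return {"authenticated": False, "authorized": False, "user": None}
        user = sess[0]
        return {"authenticated": True, "authorized": required_role in self._users[user][1], "user": user}

class ApplicationServer:
    def __init__(self, uss, required_role):
        self.uss, self.required_role = uss, required_role

    def handle(self, identity_id, request):
        """Steps 3 and 6: forward the ID to the security service and act on its answer."""
        v = self.uss.check(identity_id, self.required_role)
        if not v["authenticated"]:
            return 401, "login required"
        if not v["authorized"]:
            return 403, f"{v['user']} may not {request}"
        return 200, f"{request} accepted for {v['user']}"

def demo():
    users = {"alice": (hash_pw("correct horse"), {"buyer"})}        # constructed user
    uss = UnifiedSecurityService("shop.example", users)
    orders, admin = ApplicationServer(uss, "buyer"), ApplicationServer(uss, "admin")
    iid = uss.login("alice", "correct horse")
    return (uss.login("alice", "wrong"), orders.handle(iid, "place order")[0],
            admin.handle(iid, "list users")[0], orders.handle("forged-id", "x")[0])
```

One login serves both application servers, while a forged ID is rejected by the service rather than by each server's own logic.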

Third, securing transmitted information with WS-Security

In the e-commerce environment, besides authenticating the trader's identity and deciding their authorization, there is also a strong demand for confidentiality, integrity and non-repudiation of the transmitted content. Because Web services transmit XML text messages over the SOAP protocol, the Web Service security extension mechanism can be used to guarantee the confidentiality, integrity and non-repudiation of the transmitted information.

WS-Security is primarily a specification for an XML-based container of security metadata. The industry has proposed many solutions for securing information transmitted over the network: for example, Kerberos and X.509 are used for authentication, X.509 also relies on existing PKI for key management, XML Encryption and XML Signature describe how to encrypt and sign XML message content, and related XML standards describe how to prepare XML for signing and encryption. WS-Security embeds these mechanisms in a SOAP message by adding a schema on top of the existing specifications, which yields a security extension method that is independent of the transport.

WS-Security defines a SOAP header element for carrying security-related data. If an XML signature is used, this header can contain the information defined by XML Signature, including the signature method of the message, the key used, and the resulting signature value. Similarly, if an element in the message is encrypted, the WS-Security header can also carry the encryption information, such as that defined by XML Encryption. WS-Security does not specify a signature or encryption format of its own; instead it specifies how security information defined by other specifications is embedded in the SOAP message.

In a WS-Security extended Web service, the SOAP transmission is no longer a plain XML text message but a WS-Security extended XML document: an attribute in the XML header is encrypted with the user's private key, and the transmitted XML body content is also digitally signed. The information sent by the client is validated on the receiving side by decryption with the corresponding user key, which ensures that the source of the information is accurate and that the information is intact and confidential. Here is a SOAP message using the WS-Security extension, which uses a user token and a digital signature.


