Web Services Security Proxy: a Centralized Thin-Client Framework of Web Services on Enterprise Environments

摘要

One of the major challenge of developing web services is security. Typically, different requesters in one company need to invoke other commercial companions' web services. To communicate securely every requesters of the enterprise need to perform the onerous task of security configuration, such as Key management, security assertion document obtaining,signature and encryption, SSL connections establishment, etc. More secure the configuration is, more complex and error-prone the clients are. In this paper a thin-client framework based on web services security proxy is described to address the issues above.The WSSP(Web Services Security Proxy) is the administration center of web service security of the whole enterprise. The WSSP contains several kernel functional modules:Key management module, security assertion module, IP blocking module. All requests from clients within the enterprise which call web services outsides are send to the WSSP who caches the keys, certificates and assertion tickets locally and forwards messages to the service providers.