一個支援網路服務的信任機制

Abstract

近年來網路服務(Web Services)越來越熱門，其具有跨平台、整合性強、開放標準特性提供了一個彈性大的系統整合環境。然而，在目前的服務導向架構(Service-oriented architecture, SOA)下，網路服務安全性主要由WS-Security標準提供安全的網路傳輸協定，但卻僅能支援傳輸過程的安全，而無法保證網路服務的內容是可信的。有鑑於此，本論文提出“一個支援網路服務的信任機制”，同時考量實體空間(Physical Space)安全因子和概念空間(Concept Space)，其中實體空間主要結合現有的WS-Security標準評估服務的安全性，而概念空間則透過服務需求者對網路服務的回饋來達成，改善WS-Security標準對網路服務內容可信度所不足。 在系統模擬實驗中，本論文模擬一可支援網路服務信任機制，由模擬結果中可發現本論文提出之信任機制可避免存取到惡意服務，改善WS-Security僅針對端對端傳輸安全保證之缺點。

Recently Web Service (WS) is becoming more popular, as more people realize its benefits. The Service-Oriented Architecture (SOA) is often referred to as “message-oriented” services is composted of service broker (registry), service providers, and service requesters. The WS-Security Specification and the working principle of the common mode of Web services security are introduced. However, WS-Security standard only supports the WS transaction during security transmission, but doesn’t certify the WS content can be trusted. This paper is proposed a novel Trust Mechanism for Web Service (TMWS) which considers the security factors in physical space and concept space in the same time. TMWS is based on WS-Security to evaluate the trust value of WS through phycial space. Moreover, TMWS combines the user feedback mechanism and service registries data exchanging mechanism to support direct recommendation and indirect recommendation. TMWS will build trust values for web service providers, web service requesters, web serives, and web service registries. In the simulation process, this paper is proposed the architecture of Trust-Based Web Services Registries Data Exchanging (TWSRDE) combined TMWS to simulate web serive publishing, discovery, invoking, data exchanging, and trust value computing. The result shows users can avoid invoking the insecure WS through TMWS. The aim is to improve WS-Security to evaluate WS content security and to provide more trusted WS to users.