一個以服務配送中心為基礎之網路服務認證機制

Abstract

由於二十一世紀是競爭激烈的市場，企業希望能擁有一個猶如類神經的系統，能對市場快速、即時的反應。然而現在這個夢想隨著科技的快速發展已變成可能實現，而其最重要的技術就是網路服務(Web Services)。Web Services可以應用在ERP(Enterprise Resource Planning)、SCM(Supply Chain Management)及PLM(Product Lifecycle Management)系統中，但是最令人擔憂的正是資訊安全的問題，認證機制為資訊安全的基礎，因此建立Web Services安全認證機制正是本論文的目標。 本論文針對Web Services提出一個以服務配送中心(Services Distribution Center；簡稱SDC)為基礎之網路服務認證機制，希望在不影響Web Services現有架構下來強化服務要求者(Services Requester)及服務提供者(Services Provider)的認證流程，並且簡化服務要求者及服務提供者的作業程序，達到集中認證管理的目的 。同時說明在跨不同領域(Domain)時，SDC的相對做法及SDC對Web Services計費的處理及確保兩階段交易認可(Two-Phase Commit)。 根據本論文提出的認證架構，經過實作與安全性分析之後，發現這種以服務配送中心(SDC)為基礎之網路服務認證機制是有效的，能建置網路服務(Web Services)安全性認證。

Because the competitive nature of our market in the 21st century, enterprise wants application system like human nervous system which can response quickly and handle immediately. The dream will come true because we have new information technology now, that is, Web Services. Web Services can deploy our application system like ERP(Enterprise Resource Planning), SCM(Supply Chain Management) and PLM(Product Lifecycle Management). But information security is weak in transaction like many people concerned. Information security is based on authentication mechanism. The goal of this thesis is building authentication mechanism on information security for Web Services. In this thesis, we propose a new authentication mechanism for Web Services, named "An SDC-Based Authencation Mechanism for Web Services". It can enhance the authentication process between services requester and services provider and simplify their operation procedure. SDC propose the authentication concept for Web Services when all transactions are in single domain or crossing domain. The concept can charge for servies requester and is guaranteed "Two-Phase Commit" to participants in Web Services transaction. According to our authentication mechanism which is based on Services Distribution Center(SDC) in this thesis, we discover it's effective for implementing system and analyzing information security. Enterprise can develope Web Services system with our solution about authentication mechanism.