1、 毕业设计(论文) 英文翻译 年级专业 : 2008 级软件工程 姓名 : 学号 : 312008080611322 指导教师 : 年级 2008 级 专业 软件工程 学号 312008080611322 姓名 周进 -1- Java web services: The state of web service security All major web services stacks provide some level of support for WS-Security and related web services security standards. The three ope
2、n source stacks Ive covered in this series Apache Axis2, Sun/Oracle Metro, and Apache CXF all provide a fairly high level of support for these standards. But their support differs significantly in many ways, including both the security operation and how the stacks are configured with run-time securi
3、ty parameters. About this series Web services are a crucial part of Java technologys role in enterprise computing. In this series of articles, XML and web services consultant Dennis Sosnoski covers the major frameworks and technologies that are important to Java developers using web services. Follow
4、 the series to stay informed of the latest developments in the field and aware of how you can use them to aid your programming projects. One important area of difference relates to the completeness and correctness of the security implementations. WS-Security and WS-SecurityPolicy allow many variatio
5、ns of security configurations, including different types of keys and certificates, algorithm suites, security tokens, and signing/encrypting specifications. WS-Trust and WS-SecureConversation expand the number of options even further. With so many possible configurations, no web services stack can p
6、ossibly test them all. Even testing each possible option value in isolation is difficult, and most stacks dont try. In this article, youll first learn more about the issues of security interoperability among web services stacks. Then you see how the Axis2, Metro, and CXF compare on several measures
7、of correctness and usability, based on my research for the last dozen or so articles of this series. Security interoperability Security standards provide far too many combinations of options for comprehensive testing. Many of the standards supply little in the way of examples, and nothing in terms o
8、f test suites, so conformance to the standard is often a matter 年级 2008 级 专业 软件工程 学号 312008080611322 姓名 周进 -2- of opinion and conjecture. As a result, stacks that claim to support a particular standard rarely do any extensive verification of their support. Instead of trying to test against the stand
9、ard, each stack uses a limited number of security configurations for its own testing, along with an even more limited number of configurations in interoperability tests with other stacks. Other than that, the developers for each stack respond to bug reports from users encountering security configura
10、tion or interoperability issues. This limited testing for a complex set of standards means youll often encounter problems if you try anything thats not in the mainstream. Even in the relatively small number of security configurations tested for the security discussions and performance comparisons in
11、 the articles of this series, I found several problems of this type. Some efforts to improve the quality of web services security code have been made, including the work of an industry-wide organization and vendor-driven interoperability testing. The latter, in particular, has helped establish a bas
12、ic level of compatibility among stacks, but the benefits have been limited because of the small number of configurations tested. WS-I Basic Security Profile From the start, SOAP web service specifications have offered many choices for implementers and users. Partly this was by design. Other cases ar
13、e due to oversights in the standards: Expected behaviors were not specified in enough detail, so implementers had to guess what needed to be done. The problem with too many choices is that implementers lack the resources to test all the possible combinations fully, so the web services stacks support
14、 some sets of choices well, others poorly, and still others not at all. This situation creates major problems for interoperability, because theres no guarantee that different stacks support the same choices. Choice overload was such a problem in the early years of SOAP that an industry-wide group wa
15、s created for the specific purpose of limiting the number of possible configurations by defining best practices approaches. This group, the Web Services Interoperability Organization (WS-I), produced a number of profiles requiring particular choices to be used or avoided (seeResources). Through these profiles, WS-I has had a major influence in shaping the current third generation of web services stacks. Security is one of the areas WS-I has covered in profiles. The WS-I Basic
