Professional Documents
Culture Documents
Nguyn Vn Hong
Trn Th Ngc Nguyn Minh Phng
Mc lc
A. Li m u B. Ni dung I. Web Service II. Vn bo mt trn thng tin III. An ton cho Web Service A. Kt lun
Li m u
T trc cng nguyn con ngi a phi quan tm ti vic lm th no m bo an ton b mt cho cc ti liu, vn bn quan trng, c bit l trong lnh vc qun s, ngoi giao. Ngy nay vi s xut hin ca my tnh, cc ti liu vn bn, giy t v cc thng tin quan trng u c s ha v x l trn my tnh. T nhng ngay u ca Internet, ngi ta a quan tm n tnh an ton trong trao i thng tin. Mc d, khng co s an toan tuyt i, nhng nhng phat trin trong lnh vc nay thi rt nhanh va mang li nhiu thnh qu vi ay l vn cp bch ca nhiu doanh nghip. C th ni ngy nay ngoi vic nghin cu lm sao to ra mt web services tt mang li nhiu li ch th vic nghin cu lm sao mang li s an ton cho web services cng la mt trong nhng vn quan trng nht.
Ni dung
I. Web Service
Theo nh ngha ca W3C (World Wide Web Consortium), Web service l mt h thng phn mm c thit k h tr kh nng tng tc gia cc ng dng trn cc my tnh khc nhau thng qua mng Internet, giao din chung v s gn kt ca n c m t bng XML. Web service l mt tp cc phng thc c thc hin thng qua mt phng thc URL v c s dng to cc ng dng phn tn.
c im ca web service
Khng ph thuc vo ngn ng lp trnh, truy cp bt kz ng dng no H tr thao tc gia cc thnh phn khng ng nht, chi ph pht trin thp v d bo tr C kh nng ng dng rng trn cc nn tng, giao thc v nh dang d liu da trn vn bn nn d dng hiu, nng cao kh nng ti s dng To mi quan h tng tc gip cho vic pht trin d dng Thc y h thng tch hp, gim s phc tp ca h thng, h gi thnh hot ng, pht trin h thng nhanh v tng tc hiu qu vi h thng ca cc doanh nghip khc,
c im
u im
Nhng thit hi ln s xy ra vo khong thi gian cht ca Web service, giao din khng thay i, c th li nu mt my khch khng c nng cp, thiu cc giao thc cho vic vn hnh. Nhc im C qu nhiu chun cho Web service khin ngi dng kh nm bt., cn n vn an ton v bo mt
SOAP
WSDL
L giao thc thay i cc thng ip da trn XML qua mng my tnh, thng thng s dng giao thc HTTP
nh ngha cch m t Web service theo c php tng qut ca XML. WSDL thng c s dng kt hp vi XML schema v SOAP cung cp Web service qua Internet
UDDI
nh ngha mt s thnh phn cho bit cc thng tin ny, cho php cc client truy tm v nhn nhng thng tin c yu cu khi s dng Web service.
Mc ch ca Web service
Ngy nay Web service ang rt pht trin, nhng lnh vc trong cuc sng c th p dng v tch hp Web service l kh rng ln nh dch v chn lc v phn loi tin tc (h thng th vin c kt ni n web portal tm kim cc thng tin cn thit); ng dng cho cc dch v du lch (cung cp gi v, thng tin v a im), cc i l bn hng qua mng, thng tin thng mi nh gi c, t gi hi oai, u gi qua mnghay dch v giao dch trc tuyn (cho c B2B v B2C) nh t v my bay, thng tin thu xe.
i vi mi h thng thng tin mi e da v hu qu tim n l rt ln, n c th xut pht t nhng nguyn nhn nh sau:
T pha ngi s dng: xm nhp bt hp php, n cp ti sn c gi tr. Trong kin trc h thng thng tin: t chc h thng k thut khng c cu trc hoc khng mnh bo v thng tin. Ngay trong chnh sch bo mt an ton thng tin: khng chp hnh cc chun an ton, khng xc nh r cc quyn trong vn hnh h thng. Thng tin trong h thng my tnh cng s d b xm nhp nu khng c cng c qun l, kim tra v iu khin h thng. Nguy c nm ngay trong cu trc phn cng ca cc thit b tin hc v trong phn mm h thng v ng dng do hng sn xut ci sn cc loi rp in t theo nh trc, gi l bom in t. Nguy him nht i vi mng my tnh m l tin tc, t pha bn ti phm. Tt nhin, mc tiu ca bo mt khng ch nm gi gn trong lnh vc bo v thng tin m cn nhiu phm tr khc nh kim duyt web, bo mt internet, bo mt http, bo mt trn cc h thng thanh ton in t v giao dch trc tuyn.
Pha client
Pha Server
cu hinh server an ton cn c mt du hiu an toan hp l Ch ro mt callback handler c du hiu an toan trong yu cu va sau o xc nhn no.
Pha Server
Ch ro nhng thnh phn ca message cn c ky Ch ro mt khoa duyt ch ky ca message n xem c hp l hay khng. Ch ro gii thut ma khoa s dng lam cho co hiu lc tnh toan vn ca message gi n. cung cp thng tin ch k trong message phn hi
Bo m an ninh mc thng ip
L cch tip cn l tt c thng tin lin quan ti an ninh u c gi kn trong SOAP Bo m an ninh mc thng ip i hi s bo v bng th bi tn ngi dng, mt m XML v ch k s. c t bo m an ninh dch v Web (WS-Security) cung cp an ninh mc thng ip Thng c kt hp vi bo m an ninh mc truzn ti.
Mt chun an toan chung cho cc h thng giao dch trn mng thng phi tp trung vo
Identification: nh danh c nhng ai truy cp ti nguyn h thng. Authentication: chng thc t cch truy cp ti nguyn ca ngi mun s dng. Authorization: cho php giao dch khi a xc nhn nh danh ngi truy cp. Integrity: ton vn thng tin trn ng truyn. Confidentiality: an ton, khng ai co th c thng tin trn ng i. Auditing: kim tra, tt c cc giao dch u c lu li kim tra. Non-repudiation: mm do, cho php chng thc hp tnh hp php ha ca thng tin n t mt pha th ba ngoi 2 pha l ngi gi v ngi nhn.
Nhng yu cu trn gip cho h thng an ton hn , trnh c phn no nhng truy cp khng hp l .
KT LUN
Ngy nay cng ngh web services a v ang c trin khai v ng dng trong rt nhiu lnh vc khc nhau bao gm c nhng lnh vc nhy cm , i hi tnh an ton cao nh ti chnh , ngn hng ,do o web service cn cung cp mt mc an toan h tr nhng cng vic nh th. s sng ws security v cc thnh phn ca n gip cho thng tin trao i trn web services tr nn an ton hn , tuy nhin vic chn c ch an ton cho web service phi i hi sao cho ngi dng khng cm thy qa phc tp to mt s g b o vic chn c ch an ton no trong ws security th ph thuc nhiu vo loi service v nhng tnh nng m servive ny cung cp Bn cnh o cn mt im cn quan tm o l s an toan khng ch phu thuc vao nhng gii thut, nhng tiu chun, va nhng c ch m ws security mang li , m n cn ty vo thi ca cc cng ty c hiu r tm quan trng ca an ton thng tin khi trin khai cc ng dng , giao dch trn mng hay khng cng rt cn thit.