首页> 外文OA文献 >An investigation into interoperable end-to-end mobile web service security
【2h】

An investigation into interoperable end-to-end mobile web service security

机译:对可互操作的端到端移动Web服务安全性的调查

摘要

The capacity to engage in web services transactions on smartphones is growing as these devices become increasingly powerful and sophisticated. This capacity for mobile web services is being realised through mobile applications that consume web services hosted on larger computing devices. This thesis investigates the effect that end-to-end web services security has on the interoperability between mobile web services requesters and traditional web services providers. SOAP web services are the preferred web services approach for this investigation. Although WS-Security is recognised as demanding on mobile hardware and network resources, the selection of appropriate WS-Security mechanisms lessens this burden. An attempt to implement such mechanisms on smartphones is carried out via an experiment. Smartphones are selected as the mobile device type used in the experiment. The experiment is conducted on the Java Micro Edition (Java ME) and the .NET Compact Framework (.NET CF) smartphone platforms. The experiment shows that the implementation of interoperable, end-to-end, mobile web services security on both platforms is reliant on third-party libraries. This reliance on third-party libraries results in poor developer support and exposes developers to the complexity of cryptography. The experiment also shows that there are no standard message size optimisation libraries available for both platforms. The implementation carried out on the .NET CF is also shown to rely on the underlying operating system. It is concluded that standard WS-Security APIs must be provided on smartphone platforms to avoid the problems of poor developer support and the additional complexity of cryptography. It is recommended that these APIs include a message optimisation technique. It is further recommended that WS-Security APIs be completely operating system independent when they are implemented in managed code. This thesis contributes by: providing a snapshot of mobile web services security; identifying the smartphone platform state of readiness for end-to-end secure web services; and providing a set of recommendations that may improve this state of readiness. These contributions are of increasing importance as mobile web services evolve from a simple point-to-point environment to the more complex enterprise environment.
机译:随着这些设备变得越来越强大和复杂,在智能手机上进行Web服务交易的能力正在增长。通过使用占用较大计算设备上托管的Web服务的移动应用程序,可以实现移动Web服务的这种能力。本文研究了端到端Web服务安全性对移动Web服务请求者与传统Web服务提供者之间的互操作性的影响。 SOAP Web服务是此调查的首选Web服务方法。尽管WS-Security被认为对移动硬件和网络资源有要求,但是选择适当的WS-Security机制可以减轻这种负担。尝试通过智能手机实现这种机制。选择智能手机作为实验中使用的移动设备类型。该实验是在Java Micro Edition(Java ME)和.NET Compact Framework(.NET CF)智能手机平台上进行的。实验表明,两个平台上可互操作的端到端移动Web服务安全性的实现均依赖于第三方库。对第三方库的这种依赖导致开发人员支持差,并使开发人员面临加密的复杂性。实验还表明,两种平台都没有标准的邮件大小优化库。还显示了在.NET CF上执行的实现依赖于底层操作系统。结论是,必须在智能手机平台上提供标准的WS-Security API,以避免开发人员支持不佳以及加密的额外复杂性的问题。建议这些API包括消息优化技术。进一步建议当在托管代码中实现WS-Security API时,它们应完全独立于操作系统。本论文的贡献在于:提供了移动Web服务安全性的快照;识别智能手机平台为端到端安全Web服务准备就绪的状态;并提供一组建议,以改善这种准备状态。随着移动Web服务从简单的点对点环境发展到更复杂的企业环境,这些贡献变得越来越重要。

著录项

  • 作者

    Moyo Thamsanqa;

  • 作者单位
  • 年度 2008
  • 总页数
  • 原文格式 PDF
  • 正文语种 English
  • 中图分类

相似文献

  • 外文文献
  • 中文文献
  • 专利

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号