基于XML安全技术的电子公文交换系统-《计算机技术与发展》

文章信息/Info

Title:: Electronic Documents Exchange System Based on XML Security Technology

Author(s):: YAN Yong; HU Hua-ping; School of Computer Science, National University of Defense Technology

Keywords:: SAML; XACML; XML encryption; XML signature; access control; single sign - on

摘要:: 在跨越企业边界的电子公文交换系统中，如何提高信息的安全性、开放性和互操作性是一个重要的研究课题。文中针对目前Intemet/Intranet环境中跨系统边界交换数据存在的关键数据的传送与储存不安全、各系统身份验证不统一、安全技术标准不统一等问题，提出了一个基于XML安全技术的电子公文交换系统模型。该系统采用基于SAML的单点登录和认证授权，基于XACML的集成访问控制，以及基于XML加密和签名的关键数据加密保护。并在此基础上分析系统面临的威胁，提出可以应对的措施

Abstract:: It has become an important subject for how to improve the security,opening and inter - operation of the information in the enterprise - spanning dectronic document exchanging system. This paper presents a model of the electronic document exchanging system based on XML security technology aimed at the problems about the unsafety of the transmission and the storage of the key information,the disunity identity validation,the unconformance security specifications in the Internet/Intranet among different applications. This system based on the SAML-based single sign- on and authorization, XACML-based integrated access control, and the protection of key information using the XML encryption and signatures,and provided a solution against the menace to system