Skip to Main Content
This paper first briefly reviews the state of the security technology research and access control in the Web services environment, and then presents a service-orient role-based access control model and security architecture model for Web services. In this security architecture model, SOAP proxy is employed to enforce access control for Web services and security mechanisms are separated from the business logic. In this paper, a new technology is presented to implement the RBAC on the Web services by designing the secure cookies and secure SOAP messages. Finally, the conclusion is given and the problems are pointed out, which should be resolved in further research.