| Graduate student | 施宏澤 Horng-jzer Shih |
|---|---|
| Thesis title | 網路服務安全機制之研究與實作 Study and Implementation of Web Service Security |
| Advisor | 李允中 |
| Committee members | |
| Degree | Master |
| Department | 資訊電機學院 - 資訊工程學系 Department of Computer Science & Information Engineering |
| Graduation academic year | 97 |
| Language | Chinese |
| Pages | 96 |
| Chinese keywords | 網路服務安全 (Web service security) |
| Foreign-language keywords | Web Service Security |
In recent years, Web Service technology has been increasingly developed and widely adopted. Web services provide an XML-based message format that solves the problems of communication across heterogeneous platforms and of integration between different applications, and their modular structure also brings higher reusability.
However, security is a necessary guarantee for the success of Web Services. To realize secure, enterprise-grade web services, a Web Service should satisfy the following basic security requirements:
1. Authentication: authenticate and identify users to ensure that those who access applications and data are authorized.
2. Confidentiality: data transmitted over the Internet should not be visible to third parties.
3. Integrity: both parties must be able to confirm that the transmitted data has not been tampered with.
4. Non-repudiation: both parties must be able to confirm that the source of a message is the party that claims to have sent it.
Through the extensibility of the core technologies of the Web Service model, such as SOAP, WSDL, SSL transport encryption, XML Digital Signature and XML Encryption, service providers and service requesters can develop applications that meet their security requirements.
This thesis analyzes several authentication and encryption techniques and, using inter-enterprise e-commerce activities such as purchase orders and invoices, implements a secure and effective scheme for encryption/decryption, digital signature and authentication, in order to meet the security requirements of online transactions: authentication, confidentiality, integrity and non-repudiation.
Recently, web service technology has been developed and utilized widely. However, web service security, a significant factor in assuring successful web service adoption, is always overlooked. Four basic issues must be addressed and satisfied to meet the requirements of web service security:
1. Identification: to authenticate and identify the one who will access web services, or to authorize the application that will interoperate with web services.
2. Confidentiality: data delivered over the Internet must not be exposed to or intercepted by a third party.
3. Integrity: both the transmitter and the receiver must be able to make sure that the data in communication has not been tampered with.
4. Non-repudiation: both the transmitter and the receiver can verify that the source of a message is the party that claims to have sent it.
Based on technologies related to web service security, such as SOAP, WSDL, SSL encryption, XML digital signature, XML encryption, and single sign-on, we build an E-Shop as a testbed to fulfill the above requirements and demonstrate how to establish a secure service-based application.