【摘要】 针对Web服务中身份认证的问题,分析了SRP-6(Secure Remote Password-6)协议的密钥交换机制,提出了一种基于简单对象访问协议(SOAP)和SRP-6协议的认证与密钥交换方案(SRP-over-SOAP).该方案将SOAP消息进行扩展,通过在SOAP头中加入<SRPAuth>标记,实现了SOAP消息对SRP认证信息的传递.文中还将该方案用于Web服务,实现了服务器和客户机间的双向身份认证.更多还原

【Abstract】 In order to solve the problem of authentication in Web services,the key exchange mechanism of Secure Remote Password-6(SRP-6) is analyzed,and a new authentication and key exchange scheme named SRP-over-SOAP is proposed.The proposed scheme,which is based on the Simple Object Access Protocol(SOAP) and the SRP-6,branches out SOAP message and assigns the label of <SRPAuth> to SOAP header.Thus,the SRP authentication in the transportation of SOAP message can be implemented.Moreover,by applying the proposed scheme to Web services,a bi-directional authentication between the server and the client server can also be implemented.更多还原