Security in Web applications: legal and technological aspects

Author: admin | 17 Apr 2010

UDC 681.3:621.39:51


A.O. Luntovskyy, Dr. Sc., Uhlig Stefan

Technological and legal aspects of secure Web systems (so-called "Data Security Guaranteeing Web Systems") are investigated, including Web 2.0 systems used in building electronic communities, in e-commerce and e-government, and in integrating enterprise internal document-workflow applications. The required level of security for Web systems in international use is achieved only by using recommended communication protocols and cryptographic algorithms and by taking regional specifics and the legislative basis into account. Technologies and mechanisms for building secure electronic payment gateways and mobile commerce portals are shown as examples. A glossary of abbreviations for the most commonly used terms is provided.

Technological and legal aspects of so-called Data Security Guaranteeing Web Systems are examined, inter alia for Web 2.0 systems, which are used in creating electronic societies, in the E-Commerce and E-Governance domains, and in Enterprise Application Integration (EAI). The required level of security for Web systems in international use is available only when recommended complementary techniques and communication protocols are considered together with an analysis of their national deployment backgrounds and legal basis. As case studies, the mechanisms and technologies of Data Security Guaranteeing gateways for electronic payment transactions and portals for mobile commerce are examined. A glossary of the most used terms is provided.

Introduction

Modern Web and Web 2.0 based systems (services) [1, 2, 3] possess a complex, distributed architecture, for instance distributed representation, business logic and database services (n-tier). A variety of communication protocols (transport, multimedia, messaging, directory, time, etc.) and architecture components are involved. Such systems frequently operate on the international scene and, at the same time, have to comply with existing regional legislation.

As an example, consider a Web-based flight booking system (depicted in Fig. 1). The user portal and client management systems are integrated with back-office and flight logistics systems. The processed transactions 1, 2, 3 loosely bind these parts. Two aspects have to be considered: the legislation regarding information technology and data security [4], and the technology providing data security.

The motivation of the authors' research is the enhancement of modern Web applications for E-Commerce, M-Commerce, E-banking, E-government, Web 2.0, Semantic Web and EAI into so-called Data Security Guaranteeing Web Systems.

The rest of this paper is organized as follows. Part 1 examines techniques of Web security (SSL – Secure Socket Layer, IPsec – Secure IP, SET – Secure Electronic Transactions; see the Glossary) and their peculiarities in mobile communication (WAP2.x). XML Security is included to satisfy the security requirements posed by SOA-based Web applications (SOA, Service-Oriented Architectures). Part 2 examines legal aspects of security in Web applications. Part 3 offers case studies on gateway and portal solutions for E-Payment and E-Commerce. Hybrid solutions for SET/SSL gateways are analyzed. A glossary of the most used terms is provided.

Full text of the article: Security in Web applications legal and technological aspects

Topics: Telecommunication, communication and information security systems


Copyright © 2010 KpiArticle.com
All rights are protected by the legislation of Ukraine. Use of materials from kpiarticle.com is permitted provided that a link to kpiarticle.com is included (for online publications, a hyperlink that is not closed to search engine indexing).