搜索
20046()June.2004112JOURNALOFBEIJINGBROADCASTINGINSTITUTEVol.11,No.2(SCIENCEANDTECHNOLOGY)MicrosoftWeb100024WebTP013A1007-8819(2004)02Internet2003-12-08AuthenticationAuthorizationAuditingPrivacyIntegrityAvailabilityNonrepudiationWebAnonymousaccessIdentifiedaccessAuthenticatedaccessWebMicrosoftWindows2000Server/AdvancedServerPKIMicrosoftWindows2000ServerITU-TX.509X.509••••X.500•UTC1950-2049•X.500••1MicrosoftIIS5(InternetInformationServices5)Windows2000IIS5HTTP401challenge(4)Windows200034IIS5certificatetrustlistWebWindows2000serverSSL/TLSMyComputerIISIIS5Windows2000CA6IIS7IISpublickey2048Internet://(certificationauthority)Windows2000CACACAWebWindows2000CAActiveDirectory™CACAActiveDirectoryCAExtranetInternetCACACACACAWindows2000CA1.2.//Windows3.CACAMicrosoft(MMC)CA4MicrosoftWindows2000IIS5MicrosoftWindows2000IIS5SSLSSL[1]MSDNCDReleaseJuly2003[M]RedmondWAUSAMicrosoftPress2003.7[2]CAOSanxing,LURuiTheIntranet-basedOAPlatformandOAApplicationsforTVStations[J]Proc.7thIntl.Sym.OnBroadcastingTech.HongKong:TechnologyExchangeLtd,2001.8144~149[3]YANYan,CAOSanxing,ZHOUJian,WANGJianTheImplementationofWebApplicationSecuritywithintheMicrosoftCertificateServiceEnvironment[J]Proc.8thIntl.Sym.OnBroadcastingTech.HongKong:TechnologyExchangeLtd,2003.8120~124[4]OAIntranetWeb[J]234~237ArchitectureofWebApplicationSecuritybasedonMicrosoftCertificateYANYan,CAOSanxing,LIDan(ComputerandSoftwareSchool,BeijingBroadcastingUniversity,100024P.R.China)Abstract:WiththedevelopmentofInternetandWebtechnologies,moreandmoreapplicationsystemsarecurrentlyimplementedupontheWebplatform.Forthoseapplicationsinwhichsecurity,duetorequirementsinpractice,isanimportantissuetobeconsidered,anenhancedsystemsecuritysolutionhasbecomemostcritical.Uponthebasisofpracticalengineeringexperience,wedescribeinthispaperasolutionofWebApplicationSecuritybasedonMicrosoftCertificationService,amainstreamframeworkforapplicationsecuritydesign.Keywords:Security,Certification,Application,Web