Author: Tam, Siu-pik
Title: Secure Web services in e-tendering process
Degree: M.Sc.
Year: 2004
Subject: Hong Kong Polytechnic University -- Dissertations
Electronic commerce
Industrial procurement -- Data processing
Department: Department of Computing
Pages: ix, 105 p. : ill. ; 30 cm
Language: English
Abstract: In the past few years, the e-tendering process has been implemented by many organizations and government bodies as an electronic solution on the Web to replace traditional tendering processes, in order to reduce procurement time and transaction cost and to increase the efficiency and quality of tendering activities. However, tendering activities performed over an open network, the Internet, introduce security problems. Since tendering processes are inter-organization activities, tender information is required to cross heterogeneous systems. The interoperability between heterogeneous systems for information dissemination and exchange has complicated the problems of the e-tendering process. Today, Internet technologies are growing far beyond those of the past few years. The innovations of web services and XML eliminate the difficulties of integration and information exchange between different vendors or partners having proprietary interfaces or standards. This paper tries to demonstrate how web services and XML can be applied to tackle the security concerns and the interoperability and heterogeneity issues of information dissemination and exchange in e-tendering processes. This paper is divided into three major sections. In Part I, the characteristics and background information of the e-tendering process and system are reviewed. This section also highlights the security concerns of an e-tendering system. Part II specifies the concerns and challenges of web services and XML security and the rationales for employing web services and XML by business companies, and gives an overview of the roadmap of web service security in the past three years. Moreover, it presents more details about the WS-Security Specification. Three composite standards in the specification, namely XACML, XML Encryption and XML Digital Signature, are further discussed. In Part III, a blueprint of a secure web service in an e-tendering system is presented. The blueprint was created based on the idea from the security roadmap. The blueprint shows the ultimate solution of user authentication to access system resources for an e-tendering system using the latest security mechanisms. Then, a system called "E-Tender" was designed to illustrate different system functions and address security activities for an e-tendering system. According to the concept from the blueprint and the system model of "E-Tender", a prototype was implemented to demonstrate the most critical activities in an e-tendering system for tackling the security issues of resource access control and data confidentiality and integrity. The implementation includes the security standard XACML for access control on tender and bid documents, and also the web services for the document download and upload processes. The security standards XML Encryption and XML Digital Signature are used to achieve the confidentiality and integrity of tender and bid documents while they are transmitted over the Internet or reside on a server. Java technologies are employed for the implementation because they are comprehensive and supported by many of the open source software components required in the prototype. Finally, my experience and difficulties during the prototype implementation are presented and a conclusion for the paper is derived.
Rights: All rights reserved
Access: restricted access

Files in This Item:
File: b18002845.pdf
Description: For All Users (off-campus access for PolyU Staff & Students only)
Size: 4.38 MB
Format: Adobe PDF



Please use this identifier to cite or link to this item: https://theses.lib.polyu.edu.hk/handle/200/3602