关键词: Web服务，安全，策略，服务组合，信任，访问控制，攻击

Abstract: Web service is characterized by its platform-independence, dynamic, openness, and loose coupling. These chary cteristics greatly facilitate the application-to-application integration based on heterogeneous platform, but they also lead to many security problems. The security of Web service deeply influences its development and is also one of the main reasons why Web service has not been adopted widely. In this paper, we firstly summarized the main security problems of Web service and outlined the existing security specifications for Web service, and then we analyzed the representative solutions to Web service security in detail, including message security, security policy, security in Web service composition,identity and trust management, access control, attacks and defenses, as well as development of secure Web services. On the basis of current research achievemented, this paper also presented a discussion on the future research directions and the challenges of Web service security.

Key words: Web service, Security, Policy, Service composition, Trust, Access control, Attacks