Title Service-Oriented Enterprise Portal (服務導向企業入口網站)
Building Security Services Architecture for
Author Huang, Pang Ping (黃邦平)
Contributors Yu, Chien Chih (余千智)
Huang, Pang Ping (黃邦平)
Keywords Service-Oriented Architecture
Enterprise Portal Security
Security Services
Date 2010
Upload time 24-Oct-2012 16:08:59 (UTC+8)
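Abstract When building an enterprise portal, enterprises today often face numerous and complex portal-related security standards and technologies, with no integrated solution for building security mechanisms to follow. As a result, planning and deploying portal security incurs heavy costs and barriers to adoption. With the emergence of the Service-Oriented Architecture concept, its distributed, composable and standardized characteristics allow enterprise portal security mechanisms to be presented as services in a Service-Oriented Architecture environment that uses Web services technology, and to be published, discovered and used over the Internet.

     This study reviews and analyzes the literature on Service-Oriented Architecture security and security services, integrates the security requirements of enterprise portals with existing security infrastructure, and proposes a security services architecture for service-oriented enterprise portals. Two enterprise portal cases are used to examine the security coverage of this architecture, so that enterprises can bring service-oriented security services into integrated enterprise portal applications, raise their security level, and build an enterprise portal that users trust as secure, thereby improving their competitiveness.

     The results and benefits of this study include: (1) an analysis of the different security requirements that arise for enterprise portals under Service-Oriented Architecture; (2) a proposed security services architecture centered on service-oriented enterprise portals; (3) this architecture can fully support the security functions of service-oriented enterprise portals, has the flexibility to expand as enterprise security needs grow, and can continue to strengthen enterprise portal security.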
When developing an Enterprise Portal System, most enterprises face the problem of satisfying numerous security standards and dealing with complicated programming languages. There is still no integrated security solution that gives enterprises an easy way to complete this task. This technical problem therefore creates an entry barrier and significant cost for enterprises when deploying their portal. Service-Oriented Architecture is a promising framework for improving the situation. The Service-Oriented Architecture framework is distributed, combinable and standardized, which allows security mechanisms to be developed in a Service-Oriented Architecture environment. Considering the advantages of Service-Oriented Architecture, this study explores the possibility of building Security Services for a Service-Oriented Enterprise Portal. This study analyzes Service-Oriented Architecture security and security services. In addition, the authors propose a Service-Oriented security service prototype architecture for enterprise portals to meet their security requirements. This architecture can integrate service-oriented security services into enterprise portal applications and improve the security level. Accordingly, it could produce a highly reliable enterprise portal and improve competitiveness. The work done by this study includes: (1) analyzing the security requirements of a service-oriented enterprise portal, (2) proposing a new framework for enterprise portal service-oriented security services, and (3) demonstrating that this framework can support complete security functions for an enterprise portal, is flexible enough to add security functions for future demands, and can continue to strengthen enterprise portal security. With this new framework, the design of an Enterprise Portal System could be more convenient and secure, which will benefit the development of enterprises in the future.
Description Master's degree
National Chengchi University
Graduate Institute of Information Management
94356042
99
Source http://thesis.lib.nccu.edu.tw/record/#G0943560421
Type thesis
URI http://nccur.lib.nccu.edu.tw/handle/140.119/54011
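Table of contents
     Contents
     List of Tables
     List of Figures
     Abstract (Chinese)
     Abstract (English)
     Chapter 1 Introduction
     1-1 Research Background and Motivation
     1-1.1 Current State of Enterprise Portal Security and Security Threats
     1-1.2 The Rise of the Service-Oriented Concept
     1-1.3 Service-Oriented Enterprise Portals and Security Protection
     1-2 Research Objectives
     1-3 Research Process
     1-4 Chapter Structure
     Chapter 2 Literature Review
     2-1 Service-Oriented Architecture
     2-2 Enterprise Portals
     2-3 Information Security
     2-4 Research on Service-Oriented Enterprise Portal Security
     2-4.1 Security Threats and Requirements of Service-Oriented Enterprise Portals
     2-4.1.1 Security Threats to Service-Oriented Enterprise Portals
     2-4.1.2 Security Requirements of Service-Oriented Enterprise Portals
     2-4.2 Security Services and Security Protection for Service-Oriented Enterprise Portals
     Chapter 3 Research Framework
     3-1 Case Study Method
     3-2 Research Model
     3-3 Principles and Limitations of Case Selection
     3-4 Case Data Collection
     Chapter 4 Security Services Architecture for Service-Oriented Architecture Enterprise Portals
     4-1 Service-Oriented Security Architecture
     4-2 Case Discussion of Service-Oriented Enterprise Portals
     4-2.1 Introduction to Company S
     4-2.2 Company S Enterprise Portal Services and Functions
     4-2.3 Company S Enterprise Portal Security Services
     4-2.4 Introduction to the Bahamut Gaming Information Site (巴哈姆特電玩資訊站)
     4-2.5 Bahamut Gaming Information Site Services and Functions
     4-2.6 Bahamut Gaming Information Site Security Services
     4-3 Security Services for Service-Oriented Enterprise Portals
     4-3.1 User Identity Service
     4-3.2 Authentication Service
     4-3.3 Authorization Service
     4-3.4 Confidentiality and Integrity Service
     4-3.5 Security Monitoring and Audit Service
     4-3.6 Privacy Service
     4-3.7 Legal and Corporate Policy Compliance Service
     4-3.8 Secure System and Secure Network Service
     4-3.9 Document Protection and Disclosure Control Service
     4-3.10 Security Service Management and Interoperability Service
     4-4 Security Services Architecture for Service-Oriented Enterprise Portals
     Chapter 5 Case Studies
     5-1 P Culture and Education Foundation
     5-1.1 Introduction to the P Culture and Education Foundation
     5-1.2 The P Culture and Education Foundation Enterprise Portal
     5-1.3 P Culture and Education Foundation Enterprise Portal Security Services
     5-1.4 Evaluation of the P Culture and Education Foundation Enterprise Portal Security Services
     5-1.5 Summary
     5-2 PChome Online
     5-2.1 Introduction to PChome Online
     5-2.2 The PChome Online Enterprise Portal
     5-2.3 PChome Online Enterprise Portal Security Services
     5-2.4 Evaluation of the PChome Enterprise Portal Security Services
     5-2.5 Summary
     5-3 Review of the Enterprise Portal Security Services of the Two Cases
     Chapter 6 Conclusions and Recommendations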
Language en_US