一种基于多本体体系的语义Web服务访问控制方法

提出一种基于多本体体系的语义W cb服务访问控制方法。首先,基于分布式描述逻辑DDI,刻画了一种基 于桥接本体的跨域多本体体系,它为语义Web服务的访问控制提供了知识库;其次,在基于语义的访问控制方法基础 上,给出了适用于语义Wcb服务的访问控制模型;最后,设计了基于多本体体系的语义W cb服务访问控制方法及其 体系结构,并给出了该方法的案例应用。在语义Web服务的访问控制方法中,基于桥接本体的跨域多本体体系既为 各安全域的语义模型提供了语义关联,又保证了各安全域中语义表示的隐私性。     

基于策略的Web服务访问控制研究

资源的访问控制是开放、异构Web服务环境必须满足的重要安全需求之一。提出了基于策略的访问控制（PBAC）模型，比较了PBAC与基于角色的访问控制（RBAC），分析了PBAC对策略语言和策略管理架构的需求；基于扩展访问控制语言（XAC№）和基于属性的访问控制（舢五地）模型，提出了一种基于策略的访问控制方法。这种方法满足了Web服务对互操作性、管理灵活性和系统规模性的需求。最后，对语义策略语言进行了展望。     

基于证书的语义Web服务访问控制方法

为了实现语义Web服务环境中的访问控制机制,研究了基于证书授权的访问控制方法.在对语义Web服务的访问控制需求进行分析的基础上,提出了将简单公钥基础设施/简单分布式安全基础设施(SPKI/SDSI)证书与OWL-S本体描述集成的访问控制方法,该方法将访问控制描述与服务功能描述集成在一个统一的框架中,既便于管理又提高了用户访问Web服务的效率.     

基于语义Web技术的属性访问控制模型*

基于语义Web技术和扩展访问控制标记语言(XACML),提出了一种具有语义的属性访问控制模型.该模型利用XACML,可实现基于属性的访问控制;而利用语义Web技术,可降低属性策略定义和维护的复杂性,同时也可保护用户的敏感属性.     

一种基于本体的分布式面向服务的体系结构风格

语义Web服务,作为本体技术与面向服务的体系架构的完美结合,已经成为语义Web和面向服务的软件工程的一个重要研究方向。OWL-S和WSMF等语义Web服务方法,为Web服务描述标准（WSDL）,提供了基于本体的框架,从而实现服务的自动化发现、调用和组合。但基于原有语义Web服务方法,处理组合服务时,对子服务构件之间通信的建模缺乏实际意义上的语义。基于本体和P2P技术,建立一套通用的分布式的面向服务的体系结构——DisOntoSOA。DisOntoSOA不局限于任何一种编程语言和任何一种特定的Web服务技术。因此,只要是结合本体与SOA的方法,都适用于该体系。     

Web服务中结合XACML的基于属性的访问控制模型

分析了XACML（eXtensible Access Control Markup Language,可扩展访问控制标记语言）的特点,提出了一种面向Web服务的结合XACML的基于属性的访问控制（Attribute-Based Access Control,ABAC）模型。模型采用基于用户、资源和环境属性、而不是基于用户身份的授权机制,可动态地评估访问请求,提供细粒度的访问控制;采用XACML标准,既可增加互操作性,又能适用于分布式环境,特别适合于Web服务的动态性、异构性等特点。     

基于语义Web和RBAC策略的GDSS模型管理方法研究

群体决策支持系统（GDSS）研究的一个热点就是模型管理。模型管理存在两个方面的问题：模型的访问控制和模型的动态发现及组合。本文提出了一个基于语义元数据的模型管理系统S3MS（Semantic Metadata based Model Management System），该系统引入了RBAC（基于角色的访问控制）策略和语义Web的服务本体描述机制，用以优化并解决上面两个问题。     

基于XACML的Web服务访问控制研究

详细介绍了Web服务授权和访问控制机制中一个重要规范：可扩展访问控制标记语言（XACML）,给出了基于XACML的访问控制模型的执行流程,使用SUN公司提供的XACML工具包实现了一个具体应用。最后得出此模型更加灵活、安全的结论,特别适用于异构的Web服务环境,并对XACML的发展作了展望。     

基于XACML的Web服务安全访问控制模型

Web服务已成为新一代电子商务的框架,其安全问题是不可忽视的问题,需要一种灵活高效的访问控制来保护.通过分析可扩展访问控制标记语言(XACML)和授权管理基础设施(PMI),给出了一种适合于Web服务安全的访问控制系统模型.该系统模型基于属性证书和策略集,用XACML作为描述访问控制决策的语言,适用于Web服务的动态性、异构性等特点.     

基于语义Web技术的策略安全方法

基于语义Web技术延伸策略管理的范畴,在实现Web安全访问控制的同时通过推理也实现了策略的动态调整过程,提出了一种实现安全Web服务访问的多层策略方法,对下一代Web服务应用进行了有益的探索.     

基于任务和角色的双重Web访问控制模型

互联网／内联网和相关技术的迅速发展为开发和使用基于Web的大规模分布式应用提供了前所未有的机遇，企业级用户对基于Web的应用(Web-based application，WBA)依赖程度越来越高．访问控制作为一种实现信息安全的有效措施，在WBA的安全中起着重要作用．但目前用来实现WBA安全的访问控制技术大多是基于单个用户管理的，不能很好地适应企业级用户的安全需求．因此提出了基于任务和角色的双重Web访问控制模型(task and role-based access control model for Web，TRBAC)，它能够满足大规模应用环境的Web访问控制需求．并对如何在Web上实现TRBAC模型进行了探讨，提供了建议．同时，应用TRBAC模型实现了电子政务系统中网上公文流转系统的访问控制．     

企业多Web系统的访问控制研究

本文通过对企业Web系统应用中访问控制机制的现状及不足进行分析，提出了基于Web服务的访问控制方案，并利用该方案实现了时企业中多个Web系统进行统一的访问控制。     

A Trust-Based Context-Aware Access Control Model for Web-Services

A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for Web services environment. Amongst them are the lack of context-aware models for access control, and reliance on identity or capability-based access control schemes. Additionally, the unique service access control features required in Web services technology are not captured in existing schemes. In this paper, we motivate the design of an access control scheme that addresses these issues, and propose an extended, trust-enhanced version of our XML-based Role Based Access Control (X-RBAC) framework that incorporates trust and context into access control. We outline the configuration mechanism needed to apply our model to the Web services environment, and provide a service access control specification. The paper presents an example service access policy composed using our framework, and also describes the implementation architecture for the system.This is an extended version of the paper that has been presented at the 3rd International Conference on Web Services (ICWS), San Diego, 6–9 July 2004.Recommended by: Athman Bouguettaya and Boualem Benatallah     

WSB: a broker‐centric framework for quality‐driven web service discovery

Web service interfaces can be discovered through several means, including service registries, search engines, service portals, and peer‐to‐peer networks. But discovering Web services in such heterogeneous environments is becoming a challenging task and raises several concerns, such as performance, reliability, and robustness. In this paper, we introduce the Web Service Broker (WSB) framework that provides a universal access point for discovering Web services. WSB uses a crawler to collect the plurality of Web services disseminated throughout the Web, continuously monitor the behavior of Web services in delivering the expected functionality, and enable clients to articulate service queries tailored to their needs. The framework features ranking algorithms we have developed which are capable of ranking services according to Quality of Web Service parameters. WSB can be seamlessly integrated into the existing service‐oriented architectures. Copyright © 2010 John Wiley & Sons, Ltd.     

Model‐driven design of collaborative Web applications

This paper introduces a model‐driven approach to the design of collaborative Web‐based applications, i.e. applications in which several users play different roles, in a collaborative way, to pursue a specific goal. The paper illustrates a conference management application (CMA), whose main requirements include: (i) the management of users profiles and access rights based on the role played by users during the conference life cycle; (ii) the delivery of information and services to individual users; (iii) the management of the sequence of activities that lead to the achievement of a common goal. The presented approach is based on WebML, a conceptual modelling language for the Web. The paper also highlights some general properties—as understood by the practical experience of CMA development—that a Web modelling language should feature in order to fully support the development of collaborative applications. Copyright © 2003 John Wiley & Sons, Ltd.     

Web search results caching service for structured P2P networks

This paper proposes a two-level P2P caching strategy for Web search queries. The design is suitable for a fully distributed service platform based on managed peer boxes (set-top-box or DSL/cable modem) located at the edge of the network, where both boxes and access bandwidth to those boxes are controlled and managed by an ISP provider. Our solution significantly reduces user query traffic going outside of the ISP provider to get query results from the respective Web search engine. Web users are usually very reactive to worldwide events which cause highly dynamic query traffic patterns leading to load imbalance across peers. Our solution contains a strategy to quickly ease imbalance on peers and spread communication flow among participating peers. Each peer maintains a local result cache used to keep the answers for queries originated in the peer itself and queries for which the peer is responsible for by contacting the Web search engine on-demand. When query traffic is predominantly routed to a few responsible peers our strategy replicates the role of “being responsible for” to neighboring peers so that they can absorb query traffic. This is a fairly slow and adaptive process that we call mid-term load balancing. To achieve a short-term fair distribution of queries we introduce a location cache in each peer which keeps pointers to peers that have already requested the same queries in the recent past. This lets these peers share their query answers with newly requesting peers. This process is fast as these popular queries are usually cached in the first DHT hop of a requesting peer which quickly tends to redistribute load among more and more peers.     

基于Web Service的授权访问控制方法

授权访问控制是管理信息系统中不可缺少的重要模块,而传统的权限控制模块耦合性和复用性都有待改善.设计了一种基于Web服务的独立授权访问控制方法.该方法抽象出授权访问控制中的基本功能,通过把授权信息以五元组的形式封装到数据库表字段中,从而能够独立出授权访问控制功能,在这样的基础之上再将授权访问控制方法Web服务化,从而形成耦合性低、可复用性强、能被异构环境下各种平台上的各种应用方便地调用的授权访问控制模块.     

Web挖掘研究

因特网目前是一个巨大,分布广泛,全球性的信息服务中心,它涉及新闻,广告,消费信息,金融管理,教育,政府,电子商务和许多其它信息服务,Web包含了丰富和动态的超链接信息,以及Web页面的访问和使用信息,这为数据挖掘提供了丰富的资源,Web挖掘就是从Web活动中抽取感兴趣的潜在有用模式和隐藏的信息,对Web挖掘最新技术及发展方向做了全面分析,包括Web结构挖掘,多层次Ｗeb数据仓库方法以及Ｗ eb,Log挖掘等。     

Aligning Semantic Web applications with network access controls

Access controls for Semantic Web applications are commonly considered at the level of the application-domain and do not necessarily consider the security controls of the underlying infrastructure to any great extent. Low-level network access controls such as firewalls and proxies are considered part of providing a generic network infrastructure that hosts a variety of Semantic Web applications and is independent of the application-level access control services. For example, it is unusual to include firewall policy rules in an application policy that constrain the kinds of application information different principals may access. As a consequence, an improperly configured infrastructure may unintentionally hinder the normal operation of a Semantic Web application. Simply opening a firewall for HTTP and HTTPS services does not necessarily result in a proper configuration. Taking an ontology-based approach, this paper considers how a firewall configuration should be analyzed with respect to the Semantic Web application(s) that it hosts.