| SOA中基于属性的访问控制安全策略 |
| |
| 引用本文: | 文俊浩,曾骏,张志宏.SOA中基于属性的访问控制安全策略[J].计算机科学,2010,37(9):147-150. |
| |
| 作者姓名: | 文俊浩 曾骏 张志宏 |
| |
| 作者单位: | 1. 重庆大学软件学院,重庆,400030
2. 中国建筑标准设计研究院,北京,100048 |
| |
| 基金项目: | 基金项目"十一五"国家科技支撑计划重点项目 |
| |
| 摘 要: | SOA环境具有分布性.异构性和动态性的特点,传统的访问控制模型已经不能满足其需求.为解决SOA环境下的访问控制问题,提出了一种基于属性的访问控制模型(Attribute-based Access Control,ABAC).模型以实体的属性作为评价的基本单位.通过对主体属性、资源属性以及环境属性的动态评估,结合访问控制策略来对用户的访问进行控制.并采用XACML和SAML两个规范对模型进行了实现.分析了框架中属性和访问控制策略的查询响应方法,以及访问授权的流程.分析结果表明,结合XACML和SAML标准实现的ABAC模型具有较好的安全性和移植性,适用于异构的SOA环境.
|
| 关 键 词: | 面向服务体系结构 基于属性 访问控制 |
Security Policy of Attribute-based Access Control in SOA |
| |
| WEN Jun-hao,ZENG Jun,ZHANG Zhi-hong.Security Policy of Attribute-based Access Control in SOA[J].Computer Science,2010,37(9):147-150. |
| |
| Authors: | WEN Jun-hao ZENG Jun ZHANG Zhi-hong |
| |
| Affiliation: | (College of Software Engineering, (;hongqing University, Chongqing 400030, China);(China Institute of Building Standard Design & Research,Beijing 100048,China) |
| |
| Abstract: | In order to improve the security of SOA-based system, it is essential to take advantage of access control in SOA. However, the traditional access control models are unable to be used in heterogeneous SOA environment To coordinate access control with heterogeneous environment,an Attributcbased access control(ABAC) model was proposed,which, takes the entities attributes as the basic units of evaluation. According to pre-defined strategy, the model can provide a dynamic access control by evaluating the attributes of subject,resource and environment The model was implemented by XACML and SAMI.Analysis shows that the access control model based on XACML and SAML standard provides more flexibility and portability, therefore it can be dedicated to the distributed environment using SOA. |
| |
| Keywords: | SAML XACML |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机科学》浏览原始摘要信息 |
|
点击此处可从《计算机科学》下载全文 |
|
