检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
出 处:《计算机科学》2006年第4期92-96,共5页Computer Science
基 金:湖北省自然科学基金项目(NO:2004ABA055);湖北省教育厅重点项目(NO:D200531005)资助
摘 要:Web 服务是一种新的面向服务的计算模式,由于其异构性、多域性和高度动态性,它提出了独特的安全挑战。一个关键的安全挑战就是要设计有效的访问控制机制。但目前存在的访问控制机制大多是基于身份的,存在严重的管理规模和控制粒度问题。本文提出利用基于属性的访问控制(Attribute-Based Access Control,ABAC)机制来处理 Web 服务的访问控制问题。ABAC 采用相关实体的属性进行授权决策,能解决管理规模问题,并提供细粒度的控制。另外,文中对 ABAC 进行了建模,讨论了其应用,最后还给出了一种实施框架。Web service is a new service-oriented computing paradigm which poses the unique security challenges due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. However, the most of current access control systems is based authorization decisions on subject identity,occrues serious administrative scalability and control granularity problems. In this paper, an attribute-based access control (ABAC) model is presented to address these issues. ABAC grants accesses to services based on the attributes possessed by related entities, and can provide administratively scalable alterna- tive to identity-based authorization methods and provide fine-grained access control For Web services. Moreover, we develop a pattern for ABAC, discuss its application issues, and also describe the implementation architecture for the system in the end.
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.117
