面向Web服务资源的两层访问控制方法  被引量:3

Attribute-based Two Level Access Control for Web Service Resources

在线阅读下载全文

作  者:霍远国[1] 马殿富[1] 刘建[1] 李竹青[1] 

机构地区:[1]北京航空航天大学计算机学院,北京100191

出  处:《计算机科学》2010年第7期125-129,133,共6页Computer Science

基  金:863国家重点基金项目"高可信软件生产工具及集成环境"(2007AA010301)资助

摘  要:Web服务资源具有静态的Web服务接口和动态的有状态资源两个组件。针对这两个组件的不同特征为它提出一种基于属性的两层访问控制方法(Two Level Attribute-Based Access Control,2L-ABAC)。2L-ABAC扩展基于属性的访问控制模型(Attribute-Based Access Control,ABAC),对这两个组件分别进行访问控制。ABAC系统的访问决定依赖于用户提供的主体属性,所以2L-ABAC采用策略发布机制告知用户所需的属性,并根据各层特征分别采用WSDL附件和元数据交换两种发布方式。除了分层设计带来的灵活性,2L-ABAC还继承了ABAC模型的特性,能够对来自其他安全域的用户进行访问控制。另外,它基于相关国际规范实现,如XACML和SAML,故具有通用性。Web Services Resource (WS-Resource) consists of static Web service interface and dynamic stateful resource. According to the different characteristics of the two components, we proposed an Attribute-Based Two Level Access Control (2L-ABAC) on for WS-Resources. Attribute retrieval is essential for ABAC systems because they are based on their decisions on attributes of users, so 2L-ABAC employs access control policies publishing mechanism to inform users of the needed attributes. Access control policies of Web Services are static and those of resources are dynamic, correspondently two publishing methods, WSDL attachment and metadata exchanging, are adopted for each level respectively. 2L-ABAC inherits from the ABAC model the capability of authorizing unknown users from other security domains, besides its flexibility due to the hierarchy design model. Moreover, this architecture can be implemented by extending the standard specifications such as XACML and SAML, so it has broad applicability for WS-Resource based systems.

关 键 词:WEB服务资源 基于属性的访问控制 WSDL XACML SAML 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象