Computer Science ›› 2010, Vol. 37 ›› Issue (9): 147-150.

• Software Engineering •

Attribute-Based Access Control Security Policy in SOA

WEN Jun-hao, ZENG Jun, ZHANG Zhi-hong

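  1. (School of Software Engineering, Chongqing University, Chongqing 400030); (China Institute of Building Standard Design and Research, Beijing 100048)
  • Publication date: 2018-12-01 Release date: 2018-12-01
  • Funding:
    This work was supported by the Key Project of the National Science and Technology Support Program of the 11th Five-Year Plan (2007BAF23B03).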

Security Policy of Attribute-based Access Control in SOA

WEN Jun-hao,ZENG Jun,ZHANG Zhi-hong   

  • Online:2018-12-01 Published:2018-12-01

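Abstract: SOA environments are distributed, heterogeneous and dynamic, and traditional access control models can no longer meet their requirements. To solve the access control problem in SOA environments, an attribute-based access control (ABAC) model is proposed. The model takes the attributes of entities as the basic unit of evaluation. It controls user access by dynamically evaluating subject attributes, resource attributes and environment attributes in combination with access control policies. The model is implemented using the XACML and SAML specifications. The query and response methods for attributes and access control policies in the framework, as well as the access authorization flow, are analyzed. The analysis shows that the ABAC model implemented with the XACML and SAML standards offers good security and portability and is suitable for heterogeneous SOA environments.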

Keywords: Service-oriented architecture, Attribute-based, Access control, SAML, XACML

Abstract: In order to improve the security of SOA-based systems, it is essential to take advantage of access control in SOA. However, the traditional access control models cannot be used in a heterogeneous SOA environment. To coordinate access control with a heterogeneous environment, an attribute-based access control (ABAC) model was proposed, which takes the entities' attributes as the basic units of evaluation. According to a pre-defined strategy, the model can provide dynamic access control by evaluating the attributes of subject, resource and environment. The model was implemented with XACML and SAML. Analysis shows that the access control model based on the XACML and SAML standards provides more flexibility and portability; therefore it can be dedicated to distributed environments using SOA.

Key words: SOA, Attribute-based, Access control, SAML, XACML
