Abstract
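Web services are a new service-oriented computing paradigm that, because of its heterogeneity, multi-domain nature, and highly dynamic character, poses unique security challenges. One key security challenge is designing effective access control mechanisms. However, most existing access control mechanisms are identity-based and suffer from serious problems of administrative scale and control granularity. This paper proposes using attribute-based access control (ABAC) to handle access control for Web services. ABAC makes authorization decisions using the attributes of the relevant entities, which solves the administrative scale problem and provides fine-grained control. In addition, the paper models ABAC, discusses its application, and finally presents an implementation framework.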
Web services are a new service-oriented computing paradigm that poses unique security challenges due to its inherent heterogeneity, multi-domain character, and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. However, most current access control systems base authorization decisions on subject identity, which causes serious administrative scalability and control granularity problems. In this paper, an attribute-based access control (ABAC) model is presented to address these issues. ABAC grants access to services based on the attributes possessed by the related entities; it offers an administratively scalable alternative to identity-based authorization methods and provides fine-grained access control for Web services. Moreover, we develop a pattern for ABAC, discuss its application issues, and describe an implementation architecture for the system.
Source
《计算机科学》
CSCD
Peking University Core Journal
2006, No. 4, pp. 92-96 (5 pages)
Computer Science
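Funding
Natural Science Foundation of Hubei Province (No. 2004ABA055)
Supported by the Key Project of the Hubei Provincial Department of Education (No. D200531005)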