一种社区授权服务的拉式模型

A Pulling-Model of Community Authorization Service

针对目前网格中的社区授权服务(CAS)推式模型所存在的某些安全问题,提出了一种拉式模型。在拉式模型中,引入一个CAS缓存服务器;由资源提供者(而不是用户)向CAS缓冲服务器查询用户的权限声明,并与本地授权策略相结合形成用户在本资源上的最终有效权限。该文详细描述了用户向资源提供者进行服务请求的认证步骤,并从运行效率和安全性、可靠性等方面与推式模型进行了对比分析。

In allusion to some questions existed in current community authorization service （CAS） pushing - model, a pulling - model is proposed. In the pulling-model,a CAS caching server is introduced;resource provider,but not users, require user＇s authorization assertion from the CAS caching server to obtain final effective rights for users on the resource, constrained with local authorization policies. The authentication steps how users require services on providers, are described in detail. It is contrastively analyzed with pushing - model from performance, security and dependability.