Abstract
The loose coupling and dynamic computation that characterize service-oriented architecture make its security management more complex. Through a detailed analysis of workflow access control mechanisms, this paper presents a service-oriented access control model based on roles and workflow state. Authorization uses an enhanced permission-constraint mechanism to provide a more flexible method of granting rights. The model keeps the period in which an authorization is valid synchronized with the task's execution time, strengthens system security and the flexibility of access control, and realizes the principle of least privilege and dynamic separation of duties.
Source
Microcomputer Information (《微计算机信息》)
PKU Core Journal
2007, Issue 33, pp. 207-208, 192 (3 pages in total)
Control & Automation
Funding
Supported by the Natural Science Foundation of Jiangsu Province (bk20003017)
Keywords
role, permission constraints, access control, workflow