摘要
将各种安全功能从上层应用中抽象出来形成一种通用和标准的安全服务,可以简化应用开发的复杂性和增强安全功能的可重用性。论文设计并实现了一个基于XACML的通用分布式访问控制决策中间件UDACD(Universal Distributed Access Control Decision),对分布式环境下的访问控制决策过程进行了封装,对外面向各种应用提供通用的决策服务。UDACD支持多种访问控制策略类型和跨管理域的匿名资源访问控制;实现了对策略的缓存和对用户安全属性的两级缓存,显著加快了决策速度。UDACD可以帮助简化策略管理,并提供跨应用的一致策略实施。
To separate security functions from applications and reconstruct them into universal and standard services can help simplify the development of applications and make the security functions reusable.In the paper,a Universal Distributed Access Control Decision (UDACD) middleware which employs XACML is designed and implemented.It encapsulates the details of access decision and provides universal decision services to various kinds of distributed applications.UDACD can enforce multiple kinds of policies at the same time and support cross-domain anonymous resource access control.It employs policy cache and two levels of attribute caches,which can remarkably accelerate decision speed.It can help simplify policy administration and provide consistent policy enforcement among multiple applications.
出处
《计算机工程与应用》
CSCD
北大核心
2008年第1期17-20,24,共5页
Computer Engineering and Applications
基金
国家自然科学基金(the National Natural Science Foundation of China under Grant No.60603017)
国家高技术研究发展计划(863)(theNational High-Tech Research and Development Plan of China under Grant No.2006AA01Z454)
国家科技支撑计划(No.2006BAH02A02)。
