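Abstract
SOA environments are distributed, heterogeneous and dynamic, and traditional access control models can no longer meet their needs. To solve the access control problem in SOA environments, an attribute-based access control (ABAC) model is proposed. The model takes the attributes of entities as the basic unit of evaluation. It controls user access by dynamically evaluating subject attributes, resource attributes and environment attributes in combination with access control policies. The model was implemented using the XACML and SAML specifications. The query and response methods for attributes and access control policies in the framework, as well as the access authorization flow, are analyzed. The analysis shows that the ABAC model implemented with the XACML and SAML standards offers good security and portability and is suitable for heterogeneous SOA environments.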
To improve the security of SOA-based systems, it is essential to apply access control in SOA. However, traditional access control models cannot be used in a heterogeneous SOA environment. To coordinate access control with the heterogeneous environment, an attribute-based access control (ABAC) model was proposed, which takes the entities' attributes as the basic units of evaluation. According to a pre-defined strategy, the model can provide dynamic access control by evaluating the attributes of the subject, resource and environment. The model was implemented using XACML and SAML. Analysis shows that the access control model based on the XACML and SAML standards provides more flexibility and portability, and can therefore be applied to distributed environments using SOA.
Source
《计算机科学》
CSCD
Peking University Core Journal
2010, Issue 9, pp. 147-150 (4 pages)
Computer Science
Funding
Supported by a Key Project of the National Science and Technology Support Program during the 11th Five-Year Plan (2007BAF23B03).