摘要
针对现有访问控制策略难以保障面向Web服务的复杂电子政务系统授权的灵活性问题,在研究基于组织的四层访问控制模型(OB4LAC)的基础上,提出一种基于组织的Web服务访问控制模型。以组织为核心,从管理的视角研究访问控制与授权管理问题。通过引入岗位代理和授权单元,使授权随着环境上下文信息的变化而调整,从而实现动态授权,同时利用授权单元的状态迁移,对工作流模式提供支持。并且模型将权限分为服务权限和服务属性权限2级,实现细粒度的资源保护。应用实例结果表明,该模型能够契合电子政务系统中的复杂组织结构,在保护Web服务资源的同时,使得授权更加高效和灵活。
For the problem of current access control strategies difficultly guaranteeing the flexibility of authorization of complex E-government system for Web service,this paper proposes an organization-based access control model for Web services on the basis of the research of the organization-based 4 level access control model. The model takes organization as the core and studies the issue of access control and authorization management from the perspective of management. Through importing the position agent and authorization unit in the model,the authorization can be adjusted according to the change of the environment context information to implement the dynamic authorization,while taking advantage of the state migration of authorization units,provides support for workflow patterns. Furthermore,the model divides permissions into service permissions and service attribute permissions, and achieves fine-grained resource protection. Application examples show that the model can commendably fit the complex organization structure in E-government system. Moreover,it can make authorization more efficient and flexible meanwhile protecting the Web service resources.
出处
《计算机工程》
CAS
CSCD
2014年第11期65-70,76,共7页
Computer Engineering
基金
国家自然科学基金资助重点项目(91024029)
国家自然科学基金青年科学基金资助项目(71001013)
关键词
访问控制
电子政务
组织结构
WEB服务
岗位代理
动态授权
access control
E-government
organization structure
Web service
position agent
dynamic authorization