摘要
针对电子政务云跨域访问中用户资源共享访问控制细粒度不足的安全问题,提出一种基于用户等级的跨域访问控制方案。该方案采用了云计算典型访问控制机制——身份和访问控制管理(IAM),实现了基于用户等级的断言属性认证,消除了用户在资源共享中由于异构环境带来的阻碍,提供一种细粒度的跨域访问控制机制。基于Shibboleth和Open Stack的keystone安全组件,搭建了云计算跨域访问系统,通过测试对比用户的域外和域内token,证明了方案的可行性。
Since the access control grain is not enough fine while users share resource during e-government cloud crossdomain access, a cross-domain access control scheme based on user's classification was proposed. In this scheme, a typical cloud computing access control mechanism — Identity and Access-control Management( IAM) was adopted, the assertion attribute authentication based on user classification was implemented, the obstruction caused by heterogeneity during resource sharing was also eliminated, and a fine-grained cross-domain access control mechanism was provided. Finally, a cross-domain system for cloud computer environment based on Shibboleth and secure component keystone of Open Stack was built, the feasibility of the scheme was proved by the test of comparing the tokens between inter-domain and outer-domain of a user.
出处
《计算机应用》
CSCD
北大核心
2016年第2期402-407,共6页
journal of Computer Applications
基金
中央高校基本科研业务费专项资金资助项目(YZDJ1202)
中央高校基本科研业务费资助项目(328201537)~~
关键词
电子政务云
跨域访问控制
等级
身份和访问控制管理
安全断言标记语言
e-government cloud
cross-domain access control
classification
Identity and Access-control Management(IAM)
Security Assertion Markup Language(SAML)