摘要
面向服务的体系结构具有开发效率高、响应快、费用低等优点.但是由于其结构的松散耦合性和计算的动态性,从而造成其安全管理更为复杂.文章首先回顾了访问控制技术的发展,然后提出了一个面向工作流和服务的基于角色访问控制模型.在这个模型中,通过引入服务和授权迁移的概念,加强了对动态服务架构的描述能力.模型对用户角色权限的控制,是通过实际任务和服务状态进行管理的,这样能够有效地加强访问控制的灵活性和系统的安全性.
Service-oriented architecture (SOA) is an evolution of client/server architecture. A SOA-based system can transparently incorporate services running on different software platforms. It could drive the costs down by achieving automated code generation, reuse, and interoperability. But it will cause the complexity of security management due to its loose-couple and dynamic characteristics. The paper first reviews the development of access control technology, and then presents a workflow-based and services-oriented role-based access control (WSRBAC) model. In the model, the authors introduce two notions of services and authorization transfer to describe dynamic service-oriented architecture. In WSRBAC model, access control system can make its access control decisions by capturing practical relevant environmental context. It can realize access control with dynamic grant and adapt permissions based on the state of workflows and services. This model can enhance system security and provide flexibility in access control system.
出处
《计算机学报》
EI
CSCD
北大核心
2005年第4期686-693,共8页
Chinese Journal of Computers
基金
国家自然科学基金(60473091)
国家"八六三"高技术研究发展计划项目基金(2003AA142010)资助.
关键词
面向服务
安全
访问控制
角色
工作流
Computer networks
Formal languages
Information management
Middleware
Security of data