摘要
针对服务网格授权的新特点,对UCONA进行研究和改进.提出一套满足服务网格授权决策需求的策略规范,并证明其完备性和正确性.将原来简单的访问状态改进并扩充为委托凭证处理过程的状态组合.决策组件能根据访问请求时的系统状态输出合理的委托凭证,也能根据系统状态的变化进行再决策以转换委托凭证的处理状态.证明了新策略规范的完备性和正确性,并通过实例展示了它的表达能力.
UCONA(usage control model based on authorization predicate) was researched to improve grid authorization performance. A policy specification was proposed to meet the demands of grid authorization decision. Delegation certification processing statuses were defined to replace the simple access status. Decision component could make the reasonable delegation certification based on the system status when a request arrived, and could also make decision to change the delegation certification processing status when the system status changed. The completeness and soundness of the new policy specification were proved. The excellent expression capability of this specification was also exhibited by an example.
出处
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2008年第8期66-70,共5页
Journal of Huazhong University of Science and Technology(Natural Science Edition)
基金
国家自然科学基金资助项目(60573127)
湖南省自然科学基金资助项目(07JJ3128)
关键词
服务网格
授权决策
委托凭证
策略规范
service grid
authorization decision
delegation certification
policy specification