多自治域协同环境中群组通信的安全访问控制

支持多自治域协作的安全通信环境是大规模分布式应用的基础，群通信由于高效、可伸缩等特点，成为这种协作环境的一种基本通信方式．然而，由于没有集中的控制中心，实体分别隶属于异构的自治域且动态变化，引发了大量新的安全访问控制问题．针对多域协作的异构性和动态性特点，提出一套基于角色的分布式信任管理的解决方案，重点解决了动态联合授权以及基于属性的委托授权．在此基础上建立了一套较完整的安全通信体系，包括安全策略的协商、信任证的颁发、信任证与安全策略的一致性验证以及用户访问权限论证等．它为多域协作环境的群通信提供了更加灵活、可靠、安全的访问控制模式．

Secure Access Control for Group Communication on Multi-Autonomous Domains Collaborative Environment

Secure communication environment of multiple autonomous domains collaboration is the basis of large-scale distributed applications, group communication with the character of high efficiency and flexibility is the basic communication mode. However, these collaborative applications lack central control, and in addition their users and resources belong to different autonomous domains. Users in collaborative environments expect to join?leave group, access domain resources dynamically, which leads to large numbers of new security challenges and access control problem. In view of the heterogeneous and dynamic character of multiple autonomous domains collaboration, role-based access control with distributed trust management is complemented and a role-based distributed trust management framework is proposed, thus resolving dynamic joint authorization and attribute-based delegation authorization. Meanwhile, an infrastructure is presented, which includes security policy negotiation, credentials issue, proof-of-compliance for the credentials and access control policy, and reasoning about users' access rights. A more flexible, reliable, secure access control model is provided for the collaborative environment of multi-domains group communication.