| 基于进程的Web服务访问控制模型 |
| |
| 引用本文: | 李国辉,罗铁坚,宋进亮. 基于进程的Web服务访问控制模型[J]. 计算机工程, 2007, 33(1): 148-150 |
| |
| 作者姓名: | 李国辉 罗铁坚 宋进亮 |
| |
| 作者单位: | 中国科学院研究生院,北京,100049;信息安全国家重点实验室,北京,100049;中国科学院研究生院,北京,100049;信息安全国家重点实验室,北京,100049;中国科学院研究生院,北京,100049;信息安全国家重点实验室,北京,100049 |
| |
| 基金项目: | 科技部科技基础条件平台建设计划 |
| |
| 摘 要: | 在对传统RBAC研究的基础上,针对Web Services低耦合、动态变化的特点提出了针对Web Services的访问控制模型——PBACWS。PBACWS中提出了元服务、元权限的概念对Web Services进行了描述。PBACWS突破了RBAC中对用户赋予角色的做法,利用服务权限令牌进行授权的概念,通过将动态生成的服务权限令牌赋予任务进程,实现了对Web Services进行细粒度的安全控制。
|
| 关 键 词: | Web Services 访问控制 Web Services的访问控制模型 服务权限令牌 |
| 文章编号: | 1000-3428(2007)01-0148-03 |
| 修稿时间: | 2006-03-15 |
Access Control Model for Web Services Based on Process |
| |
| LI Guohui,LUO Tiejian,SONG Jinliang. Access Control Model for Web Services Based on Process[J]. Computer Engineering, 2007, 33(1): 148-150 |
| |
| Authors: | LI Guohui LUO Tiejian SONG Jinliang |
| |
| Affiliation: | 1. Graduate School of Chinese Academy of Sciences, Beijing 100049; 2. State Key Laboratory of Information Security, Beijing 100049 |
| |
| Abstract: | A new kind of access control model——PBACWS(process based access model for Web Services) is invented concentrating on the low coupling and dynamic change characters of Web Services. Under the PBACWS model, concepts of meta service and meta permission are put forward to give better description of Web Services and it changes the tradition way of assigning user with role to use service permission token as the authorization entity. In this model, more effective access control for Web Services is made through assigning the task process with the dynamic service permission token. |
| |
| Keywords: | Web Services Access control Process based access model for Web Services(PBACWS) Service permission token |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
|
