一种面向服务的权限管理模型

面向服务的体系结构(Service-Oriented Architecture，SOA)是设计和构建松耦合软件系统的方法，它可将基于中间件开发的分布式应用共享为Internet环境下的软件服务．传统中间件的用户权限系统具有较好的灵活性，基本满足封闭系统的安全需求．但在SOA模式下，难以满足不同节点和系统互相请求服务和共享资源过程中的授权．该文提出了一个面向服务的权限管理模型，通过支持用户之间的代理和提供一定的推理能力，为应用开发者提供了更完善的权限管理机制，并扩展了中间件跨越组织共享资源和服务的能力．该模型在一个J2EE应用服务器上被实现和验证．实验证明，该模型具有良好的灵活性和可扩展性，并且性能影响在合理的范围．

A Permission Management Model in Service -Oriented Architecture

Service Oriented Architecture (SOA) is a method to design and construct loose coupling software systems. It turns the distributed applications developed on middleware into software services on Internet. Traditional permission management system on middleware has good flexibility and basically, meets the security requirements of closed system, but under SOA, it cannot meet the authorization requirements of requesting services and sharing resources between different nodes and systems. This paper proposes a service oriented permission management model, supporting delegation and reasoning to provide application developers with improved permission management mechanism and to expand capabilities of middleware to share resources and services across organizations. The above model is implemented and validated in a J2EE application server. The experiments show that the model has high flexibility and scalability, and it is reasonable that when over 50 clients request at the same time, response time increases a lot because of signature verifications and file IO operations.