A SWIFT Take on Identity Management

A proposed identity management framework provides privacy protection, by means of virtual identities, and cross-layer single sign-on for users who subscribe to multiple service and identity providers.     

排队系统的着色Petri网建模与分析

着色Petri网（CPN）是研究离散事件动态系统的有力工具,将着色Petri网引入排队系统建模中,能弥补排队模型缺乏动态逻辑行为分析能力的不足。针对排队系统一般模型建立顶层结构模型,并对排队系统的4个要素给出了具体的CPN描述。给出一个具体实例,阐明排队系统的CPN分析法的使用,利用仿真工具CPN-Tools对模型仿真实现,仿真结果与数学模型得出的理论值对比分析,验证了可行性。     

一种面向SaaS多租户的多层模型

SaaS(Software as a Service)伴随云计算而出现,它与传统软件的区别较大。根据SaaS软件的特点,提出支持SaaS软件成熟度的SaaS软件分层元模型,使用形式化方法对每一层进行建模描述。受面向对象Petri网(Object-Oriented Petri Nets,OOPN)和有色Petri网(Colored Petri Nets,CPN)思想的启发,提出面向服务网结构SOP(Service-Oriented Petri Nets)和CSOP(Colored Service-Oriented Petri Nets)。一方面,使用封装的库所元素代表服务,体现了服务对外不可见,且内部结构影响系统运行。另一方面,不同的颜色集代表不同租户请求,突出了SaaS多租户的特点。这不仅为复杂的SaaS软件建模提供了方法,还能够折叠系统变迁,压缩状态空间。最后,以一个 客户关系管理 (Customer Relationship Management,CRM)SaaS软件系统为例,验证了文中工作的可行性。     

基于SAML的图书资源联合身份访问控制机制

针对目前图书馆电子资源传统访问控制机制存在的缺陷，本文提出一种基于SAML规范的联合身份访问控制机制。该机制能够实现单点登录、保障身份认证的强度和保护用户的隐私，从而能够满足用户、管理员、分布资源和服务提供者的要求。     

基于有色Petri网的自动化物流系统的研究

针对西安科技大学自动化物流系统的任务规划,在研究有色Petri网相关理论的基础上,采用基于有色Petri网的方法对该物流系统进行建模,并结合实际系统提出了CPN模型描述性定义,然后在CPN Tools环境下对系统出、入库操作两种操作和出、入库和移库3种操作进行仿真,通过对系统模型状态空间的分析,验证了有色Petri网应用在物流系统中的通用性以及该系统具有有界性和活性等特性,进一步论证了该物流系统任务规划的合理性,为整个系统的稳定性和多任务的协调操作奠定了理论基础。     

基于SAML的真单点登录框架

随着企业信息化进程的推进,企业业务系统不断地增加.陆续加入的业务系统往往采用不同实现技术和安全策略,并且各自维护独立的认证授权体系,这样很容易形成"信息孤岛".为消除这种系统访问控制孤立,基于统一认证的单点登录(SingleSignOn)系统应运而生.然而,现有的单点登录模型在安全性、扩展性、可维护性等方面都存在诸多不足.本文基于安全断言标记语言SAML,设计了一个安全性高、互操作性好、松耦合的的统一认证单点登录框架,主要包括身份提供者过滤器和服务提供者过滤器模块、单点登录交互协议和安全保障机制.     

Petri网及其扩展研究

Petri网是一种应用非常广泛的建模工具。首先给出了基本Petri网的概念,在此基础上对多种Petri网进行了广泛的研究,包括时间因素Petri网、有色Petri网、面向对象Petri网、模糊Petri网及受控Petri网,并针对每种Petri网的特点和应用范围进行了讨论,提出了Petri网当前发展的方向和急需解决的热点问题。     

基于Time Petri Nets的实时系统资源冲突检测

Time Petri Nets在实时系统的建模和性能分析中得到广泛应用,而冲突是Petri网及其扩展模型的重要行为,解决冲突是正确分析模型动态行为的关键.目前随机Petri网、混合Petri网和区间速率连续Petri网的冲突检测方法由于没有考虑到时间约束因此无法在TPN网中使用.时间约束的引入使得Time Petri Nets模型的使能和触发语义比Petri网模型的语义复杂,冲突检测变得更加困难.为了计算冲突发生的时间和概率,首先根据时间约束,给出了变迁持续使能时延迟区间的计算方法,并证明了该方法的合理性和完备性;然后在此基础上定义并证明了Time Petri Nets模型中不冲突的检测方法;并提出了Time Petri Nets模型的冲突检测方法,给出了冲突时间区间和变迁实施概率的计算方法;最后通过实例验证说明了该方法的正确性和有效性.     

一种随机着色Petri网及模型的性能分析

针对随机Petri网（SPN）在系统性能分析时,其状态空间随着系统规模增大而指数性增长,造成求解稳定状态概率的复杂性的不足,提出了一种随机着色Petri网（SCPN）。分析了它的有界性和可达性,证明了它同构于一个一维连续时间的马尔可夫链;同时,也分析了随机着色Petri网用于建模和系统性能定量分析的方法。     

一种利用UML的Petri网软件实现方法

Petri网既是一种图形化建模工具,又是一种形式化数学工具。Petri网具有对并发、并行、分布、异步系统进行验证仿真的能力。但是,Petri网是用来描述和分析要开发的系统模型的工具。不是计算机的实现工具,必须要通过一定的方法才能将Petri网用软件来实现。由于UML(统一建模语言)具有友善的用户界面,易于编程实现,故提出一种利用UML作为过渡的Petri网软件实现方法。     

A toolset for conformance testing against UML sequence diagrams based on event-driven colored Petri nets

Novel techniques and a toolset are presented for automatically testing the conformance of software implementations against partial behavioral models constituted by a set of parameterized UML sequence diagrams, describing both external interactions with users or client applications and internal interactions between objects in the system. Test code is automatically generated from the sequence diagrams and executed on the implementation under test, and test results and coverage information are presented back visually in the model. A runtime test library handles internal interaction checking, test stubs, and user interaction testing, taking advantage of aspect-oriented programming techniques. Incremental conformance checking is achieved by first translating sequence diagrams to Extended Petri Nets that combine the characteristics of Colored Petri Nets and Event-Driven Petri Nets.     

基于有色Petri网的经营过程建模

在经营过程重组（BPR）的过程中,利用仿真工 具对经营过程建模与仿真分析,被认为是快速和顺利实施BPR的必要手段．目前大多数BPR支 持工具局限于对过程的仿真,而Petri网则因其严格的数学定义和丰富的分析方法,不仅能 够仿真过程的性能参数,还可以对过程的结构进行分析,从而在过程诊断和重组方案的设计 中发挥重要作用．将有色Petri网应用于经营过程建模,可以较好地描述经营过程的不确定 性、并发性和资源共享等问题,并解决模型中存在的冲突、死锁等问题,同时避免了普通Pe tri网过于复杂的缺点．     

B model: A browsing behavior model based on High-Level Petri Nets to generate behavioral patterns for e-learning

As Internet use has proliferated, e-learning systems have become increasingly popular. Many researchers have taken a great deal of effort to promote high quality e-learning environments, such as adaptive learning environments, personalized/adaptive guidance mechanisms, and so on. These researches need to collect large amounts of behavioral patterns for the verification and/or experimentation. However, collecting sufficient behavioral patterns usually takes a great deal of time and effort. To solve this problem, this paper proposes a browsing behavior model (B² model) based on High-Level Petri Nets (HLPNs) to model and generate students’ behavioral patterns. The adopted HLPN contains (1) Colored Petri Nets (CPNs), in which colored tokens can be used to identify and separate student, learning content and assessment, and (2) Timed Petri Nets (TPNs), in which time variable can be used to represent the time at which a student reads learning content. Besides, to validate the viability of the B² model, this paper implements a B² modeling tool to generate behavioral patterns. The generated behavioral patterns are compared with actual behavioral patterns collected from elementary school students. The results confirm that the generated behavioral patterns are analogous to actual behavioral patterns.     

一种基于Web单点登录系统实现

介绍了一种基于Web的单点登录实现方法,解决同一用户登录不同Web应用系统需要进行多次独立身份认证问题,详细讨论了单点登录系统中后台数据组织、存储安全性以及代理认证服务处理逻辑.同时,就服务通信安全与服务响应时间之间的矛盾问题提出了一种解决的方法.Web代理采用浏览器插件方式,截获用户第一次登录某个Web应用时的post数据,并将其存入数据库,用户在以后登录这个Web应用系统时自动提取数据库中post数据,省去了用户手动进行身份认证的过程,实现了统一身份认证.     

An Assertional Language for the Verification of Systems Parametric in Several Dimensions: (Preliminary Results)

We propose a rich assertional language to be used for symbolic verification of systems with several parametric dimensions. Our approach combines notions coming from different fields. We use Colored Petri Nets [16] to describe nets of processes carrying structured data. We combine concepts coming from constraint programming [23] and multiset rewriting [19] to finitely and concisely represent transitions and infinite collection of states of Colored Petri Nets. Finally, we incorporate these concepts in the verification technique based on backward reachability and upward-closed sets of [1,12]. We obtain a procedure that can be used as an automatic support for attacking parameterized verification problems. We apply these ideas to verify safety properties of a parameterized mutual exclusion algorithm. A number of open questions arise from our preliminary experiments, finding an adequate counterpart of our framework in the world of automated deduction being among the more interesting ones.     

Challenges to Supporting Federated Assurance

Federation is an identity management model in which various tasks associated with an identity transaction are distributed among the actors involved in the transaction. This model works from the premise that distributing tasks among the actors can achieve usability and privacy advantages for the user, as well as business efficiencies for businesses or applications. Typically, federated identity manifests itself as transferring some aspect of a user's identity from one entity to another. Web single sign-on is an archetypical example of a federated transaction, in which a user authenticates to one Web site and can then access another with the same login.     

UML模型到面向对象Petri网模型的映射

文章通过分析UML模型和面向对象Petri网各自的特点,提出了UML模型到面向对象Petri网模型的映射规则,从而实现了利用UML模型有效描述系统,利用面向对象Petri网模型模拟仿真系统的有效结合,实现了两者的优势互补.     

一种企业应用中的单点登录系统的设计

针对企业多套应用系统用户认证相对独立、用户必须同时使用多个账户重复登录的问题,根据企业应用环境特点设计了一种单点登录（SSO）体系,该设计基于SAML技术构建统一认证平台,建立了用户帐号映射关系,对现有系统进行客户化改造,封装成认证中心（IDP）和服务提供者（SP）,通过集成的认证代理实现认证服务,实现了SSO和现有系统的良好结合。     

Computer aided verification of Lamport's fast mutual exclusionalgorithm using colored Petri nets and occurrence graphs with symmetries

In this paper, we present a computer tool for verification of distributed systems. As an example, we establish the correctness of Lamport's Fast Mutual Exclusion Algorithm. The tool implements the method of occurrence graphs with symmetries (OS-graphs) for Colored Petri Nets (CP-nets). The basic idea in the approach is to exploit the symmetries inherent in many distributed systems to construct a condensed state space. We demonstrate a significant increase in the number of states which can be analyzed. The paper is to a large extent self-contained and does not assume any prior knowledge of CP-nets (or any other kinds of Petri Nets) or OS-graphs. CP-nets and OS-graphs are not our invention. Our contribution is the development of the tool and verification of the example, demonstrating how the method of occurrence graphs with symmetries can be put into practice