基于等级的电子政务云跨域访问控制技术

针对电子政务云跨域访问中用户资源共享访问控制细粒度不足的安全问题,提出一种基于用户等级的跨域访问控制方案。该方案采用了云计算典型访问控制机制——身份和访问控制管理(IAM),实现了基于用户等级的断言属性认证,消除了用户在资源共享中由于异构环境带来的阻碍,提供一种细粒度的跨域访问控制机制。基于Shibboleth和OpenStack的keystone安全组件,搭建了云计算跨域访问系统,通过测试对比用户的域外和域内token,证明了方案的可行性。

Cross-domain access control for e-government cloud based on classification

Since the access control grain is not enough fine while users share resource during e-government cloud cross-domain access, a cross-domain access control scheme based on user's classification was proposed. In this scheme, a typical cloud computing access control mechanism——Identity and Access-control Management (IAM) was adopted, the assertion attribute authentication based on user classification was implemented, the obstruction caused by heterogeneity during resource sharing was also eliminated, and a fine-grained cross-domain access control mechanism was provided. Finally, a cross-domain system for cloud computer environment based on Shibboleth and secure component keystone of OpenStack was built, the feasibility of the scheme was proved by the test of comparing the tokens between inter-domain and outer-domain of a user.