摘要： 在对传统RBAC研究的基础上，针对Web Services低耦合、动态变化的特点提出了针对Web Services的访问控制模型——PBACWS。PBACWS中提出了元服务、元权限的概念对Web Services进行了描述。PBACWS突破了RBAC中对用户赋予角色的做法，利用服务权限令牌进行授权的概念，通过将动态生成的服务权限令牌赋予任务进程，实现了对Web Services进行细粒度的安全控制。

关键词: Web Services, 访问控制, Web Services的访问控制模型, 服务权限令牌

Abstract: A new kind of access control model——PBACWS(process based access model for Web Services) is invented concentrating on the low coupling and dynamic change characters of Web Services. Under the PBACWS model, concepts of meta service and meta permission are put forward to give better description of Web Services and it changes the tradition way of assigning user with role to use service permission token as the authorization entity. In this model, more effective access control for Web Services is made through assigning the task process with the dynamic service permission token.

Key words: Web Services, Access control, Process based access model for Web Services (PBACWS), Service permission token