摘要： 针对面向服务的体系结构下企业应用安全需求，通过分析WS-BPEL业务流程特点，提出一种面向执行体的访问控制模型。该模型可以动态地进行权限授予与回收，并引入角色和约束机制。在此基础上，将流程活动映射到访问控制模型元素，从而在流程定义和权限管理隔离的情况下，实现WS-BPEL业务流程执行过程中的访问控制策略实施。

关键词: Web服务业务流程执行语言, 安全, 访问控制

Abstract: Aiming at the security needs of enterprise application which is with the Service-Oriented Architecture(SOA), this paper analyzes the features of WS-BPEL business process, and then proposes an execution-oriented access control model, which can grant and withdraw permissions dynamically. Meanwhile, role and constraint mechanism are introduced. On the foundation of the former work, business activities are mapped to access control elements, so that the model can accomplish the work of access control for the process under the condition of separation between process definition and permission management.

Key words: Web Services-Business Process Execution Language(WS-BPEL), security, access control

中图分类号: 

• TP309