摘要： 基于授权谓词决策的使用控制模型表达能力较弱。该文给出一种委托凭证模型细粒度表达决策结果，用委托凭证处理过程的状态组合替换原来的简单访问状态。决策组件根据请求时系统状态输出合理的委托凭证，根据系统状态的变化对委托凭证处理状态的转换进行决策。该方法有效避免了相同访问请求重复产生委托凭证，使委托凭证可以真实反映授权的实际需求。

关键词: 服务网格, 授权决策, 委托凭证

Abstract: To keep free from weak capability of express of the usage control model based on authorization predication decision(UCONA), a delegation certification model is proposed to express decision result in a fine-grained manner, and delegation certification processing statuses are defined to replace the simple access status. Decision component can make the reasonable delegation certification based on the system status when a request arrives, and also make decision to change the delegation certification processing status when the system status is changed. This method effectively avoids that the same access requests generate the delegation certification repeatedly, and the delegation certification really reflects actual demands of authorization.

Key words: service grid, authorization decision-making, delegation certification

中图分类号: 

• TP393