作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2010, Vol. 36 ›› Issue (4): 144-146. doi: 10.3969/j.issn.1000-3428.2010.04.050

• 安全技术 • 上一篇    下一篇

结合协商机制的Web服务属性访问控制模型

傅鹤岗,王 建   

  1. (重庆大学计算机学院,重庆 400044)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2010-02-20 发布日期:2010-02-20

Attribute Access Control Model for Web Services with Negotiation Mechanism

FU He-gang, WANG Jian   

  1. (College of Computer, Chongqing University, Chongqing 400044)
  • Received:1900-01-01 Revised:1900-01-01 Online:2010-02-20 Published:2010-02-20

摘要: 针对实现有效Web服务访问控制的问题,提出一种结合协商机制的Web服务属性访问控制模型。该模型基于安全断言标记语言和可扩展访问控制标识语言,利用主体属性和上下文属性的组合限制条件,提供细粒度的访问控制。通过加入协商机制,服务请求者可以与服务提供者相互沟通,在访问请求中动态地调整参数信息以获得访问授权。

关键词: Web服务, 访问控制, 协商

Abstract: This paper proposes an attribute-based access control model for Web services with negotiation to provide an effective access control mechanism. The model is based on SAML and XACML and takes the restrictive condition composed of identity attributes and context attributes to provide fine-grained access control. The negotiation ability in the model can make service requester communicate with the service provider and change the parameters in the request to get access to the services.

Key words: Web services, access control, negotiation

中图分类号: