摘要： 针对现有访问控制策略难以保障面向Web 服务的复杂电子政务系统授权的灵活性问题,在研究基于组织的四层访问控制模型(OB4LAC)的基础上,提出一种基于组织的Web 服务访问控制模型。以组织为核心,从管理的视角研究访问控制与授权管理问题。通过引入岗位代理和授权单元,使授权随着环境上下文信息的变化而调整,从而实现动态授权,同时利用授权单元的状态迁移,对工作流模式提供支持。并且模型将权限分为服务权限和 服务属性权限2 级,实现细粒度的资源保护。应用实例结果表明,该模型能够契合电子政务系统中的复杂组织结构,在保护Web 服务资源的同时,使得授权更加高效和灵活。

关键词: 访问控制, 电子政务, 组织结构, Web 服务, 岗位代理, 动态授权

Abstract: For the problem of current access control strategies difficultly guaranteeing the flexibility of authorization of complex E-government system for Web service,this paper proposes an organization-based access control model for Web services on the basis of the research of the organization-based 4 level access control model. The model takes organization as the core and studies the issue of access control and authorization management from the perspective of management. Through importing the position agent and authorization unit in the model,the authorization can be adjusted according to the change of the environment context information to implement the dynamic authorization,while taking advantage of the state migration of authorization units,provides support for workflow patterns. Furthermore,the model divides permissions into service permissions and service attribute permissions,and achieves fine-grained resource protection. Application examples show that the model can commendably fit the complex organization structure in E-government system. Moreover,it can make authorization more efficient and flexible meanwhile protecting the Web service resources.

Key words: access control, E-government, organization structure, Web service, position agent, dynamic authorization

中图分类号: 

• TP311. 5