摘要： 将安全断言标记语言和可扩展的访问控制高标识语言相结合，设计一种Web服务下的基于信任的访问控制模型。在信任域内，服务提供方利用与请求方的直接交互经验和域内其他证人的推荐信任信息，进行信任评估和授权，该模型包括认证模块和访问控制模块。认证模块实现单点登录的功能，访问控制模型实现基于信任的访问控制和授权功能。

关键词: Web服务, 信任, 访问控制, 安全断言标记语言

Abstract: This paper designs a WS-TBAC(Trust-Based Access Control for Web Service) model by using Security Assertion Markup Language(SAML) and eXtensible Access Control Markup Language(XACML). In trust region, providers use direct interactive experience and recommended trust information from other witness in the region, to evaluate requestors’ trust and decide whether to give authorization or not. This model includes authentication module and access control module. Authentication module realizes single sign on, and access control module realizes access control and authorization based on trust.

Key words: Web service, trust, access control, Security Assertion Markup Language(SAML)

中图分类号: 

• TP309