Abstract: Aiming at the deficiency of traditional eXtensible Access Control Markup Language(XACML), this paper proposes the structure of Web services oriented interactive access control protocol and its implementation, in order to ensure the security of information transmission, this paper presents a framework of SAML based certification authority to design the matching mechanism. It takes the process of authorization for Web services access as an example, analyzing the process of interactive Web service access control protocol, and proves result that it can provide better support to the safety of access control for collaborative applications such as collaborative business environment and mobile business environment platform.

Key words: Web services, eXtensible Access Control Markup Language(XACML), interactive access control, protocol

摘要： 针对传统访问控制策略的不足，提出面向Web服务的交互式访问控制策略模式，为适应Web服务间的信息交互访问安全，设计一种基于SAML认证授权框架以实现协同用户与服务商之间交互访问的匹配机制。以Web服务的访问控制过程为例，分析Web服务的交互式访问控制协议的实现过程，结果证明，该协议能为Web服务提供更细粒度的访问控制。

关键词: Web服务, 可扩展访问控制标记语言, 交互式访问控制, 协议

CLC Number: 

• TP309