In Web Service composition, the access control policies are usually defined by external sub-services for protecting safe use of re sources, while in composite scripts there are the complex control logic structure as well. These two factors make it extremely complicated for a system security administrator to specify the access control policies for composite services. In this paper we propose a condition-based access control policy model and the related policy composition algebra,and map the control structures familiar in WS-BPEL to corresponding policy composition expression,then construct the access control policies of the composite service based on the composition of access control policies of external sub-services. Finally,we design a prototype to depict the total process of policy composition.%在Web服务组合中,外部子服务通常会定义访问控制策略以保护资源被安全的使用,同时组合脚本中也存在着复杂的逻辑控制结构,这两点因素使安全管理员在描述组合服务的访问控制策略变得非常复杂.提出一种基于条件的访问控制策略模型以及基于该模型的策略合成代数,将WS - BPEL语言中常见控制结构映射成策略合成表达式,通过合成外部子服务的访问控制策略,生成组合服务的访问控制策略.最后,设计了原型系统描述策略合成的流程.
展开▼