• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>International journal of web services research >An Adaptive Access Control Model for Web Services
【24h】

An Adaptive Access Control Model for Web Services

机译:Web服务的自适应访问控制模型

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

This paper presents an innovative access control model, referred to as Web service Access Control Version 1 (Ws-ACl), specifically tailored to Web services. The most distinguishing features of this model are the flexible granularity in protection objects and negotiation capabilities. Under Ws-ACl, an authorization can be associated with a single service and can specify for which parameter values the service can be authorized for use, thus providing a fine access control granularity. Ws-ACl also supports coarse granularities in protection objects in that it provides the notion of service class under which several services can be grouped. Authorizations can then be associated with a service class and automatically propagated to each element in the class. The negotiation capabilities of Ws-ACl are related to the negotiation of identity attributes and the service parameters. Identity attributes refer to information that a party requesting a service may need to submit in order to obtain the service. The access control policy model of Ws-ACl supports the specification of policies in which conditions are stated, specifying the identity attributes to be provided and constraints on their values. In addition, conditions may also be specified against context parameters, such as time. To enhance privacy and security, the actual submission of these identity attributes is executed through a negotiation process. Parameters may also be negotiated when a subject requires use of a service with certain parameters values that, however, are not authorized under the policies in place. In this paper, we provide the formal definitions underlying our model and the relevant algorithms, such as the access control algorithm. We also present an encoding of our model in the Web Services Description Language (WSDL) standard for which we develop an extension, required to support Ws-ACl.
机译:本文提出了一种创新的访问控制模型,称为Web服务访问控制版本1(Ws-ACl),专门针对Web服务而设计。该模型的最大特色是保护对象和协商功能的灵活粒度。在Ws-ACl下,授权可以与单个服务关联,并且可以指定可以授权使用该服务的参数值,从而提供良好的访问控制粒度。 Ws-ACl还支持保护对象中的粗粒度,因为它提供了服务类别的概念,在此概念下可以将几个服务分组。然后,可以将授权与服务类相关联,并自动传播到该类中的每个元素。 Ws-ACl的协商能力与身份属性和服务参数的协商有关。身份属性是指请求服务的一方可能需要提交以获得服务的信息。 Ws-ACl的访问控制策略模型支持对策略进行规范,其中规定了条件,指定了要提供的身份属性及其值的约束。此外,还可以针对上下文参数(例如时间)指定条件。为了增强隐私和安全性,这些身份属性的实际提交是通过协商过程执行的。当主体要求使用具有某些参数值的服务时,也可以协商参数,但是这些参数值未得到现行政策的授权。在本文中,我们提供了模型基础和相关算法(如访问控制算法)的形式化定义。我们还以Web服务描述语言(WSDL)标准提供了模型的编码,为此我们开发了扩展以支持Ws-ACl。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号