
Research On An Extended XACML Access Control Model

Posted on: 2012-04-03 | Degree: Master | Type: Thesis
Country: China | Candidate: Q Wang | Full Text: PDF
GTID: 2178330338997499 | Subject: Computer application technology
Abstract/Summary:
The Internet has deeply changed the software world, because more and more application software systems operate on the net. To save application development effort, web services, which can be seen as reusable software components, are provided for applications to invoke. When web services are used, guaranteeing secure information access while they execute is important. As the level of enterprise informatization rises, the problem of secure information access deserves attention. Access control techniques can effectively ensure that only authorized users access sensitive information, so research on access control models and their software realization has great theoretical and practical value. OASIS (Organization for the Advancement of Structured Information Standards) has established the XACML (eXtensible Access Control Markup Language) specification, a standard designed specifically for expressing secure access control policies. XACML is platform-independent, general-purpose, distributed and extensible, among other features. Role-based access control is now increasingly widely used, and XACML defines an RBAC (Role-Based Access Control) framework to support it; with this framework, implementing secure access control becomes very simple. So far, many web service access control models have been proposed, but many of these studies focus only on allowing or denying a requester access to a web service.
Through studying the existing web service access control models, I found the following two problems that should be dealt with: ① the existing models only make an "allow or deny" decision, which is imprecise for web service access control; ② under the control of the existing models, once a requester is allowed to invoke a web service, the web service must do everything requested, no matter whether unsafe access will occur. To solve these two problems, this paper systematically studies the XACML Specification, the RBAC Profile of XACML Policy, and the XSLT/XPath transformation technique, then proposes a new access control model named Ex-XACML, which is an extension of XACML, and implements the main modules of the model. Since policy data in database-table form and in XACML form are both structured data that can easily be described in XML, this paper mainly uses the XSLT/XPath transformation technique to convert data stored in database table structures into data expressed in XACML. To standardize the generation of access requests, the paper implements a module that generates standard access requests.
Keywords/Search Tags:Web service, RBAC, Ex-XACML, Information flow control, XACML