The Role-Based Access Control In The Distributed Cooperation Environment Based On Web Service

Posted on: 2008-08-30
Degree: Master
Type: Thesis
Country: China
Candidate: X Ji
GTID: 2178360215479992
Subject: Software engineering

Abstract/Summary:
Web Services provide a common platform for distributed collaborative work among autonomous domains. A distributed cooperation environment built on multiple applications places requirements on the distribution and access security of Web Services, especially for authorized access.

Compared with the traditional DAC (Discretionary Access Control) and MAC (Mandatory Access Control) models, the RBAC (Role-Based Access Control) model offers better flexibility and scalability, and it is nowadays the most popular access control model. However, the current RBAC model still has many theoretical and application problems: the users and the operation objects in the model are treated as static, multiple sessions make administration difficult, and the model lacks detailed definitions of permissions and constraints. At the same time, the distributed collaborative environment has some special requirements for access control of Web Services. These include unifying the two layers of security control (Web Services and autonomous domain), combining uniform information with individualized service for the Web Services integrated by the distributed collaborative environment, and an access control strategy for the end user.

Based on an analysis of the current RBAC model, this thesis presents an improved RBAC model. The improved model effectively protects system resources and services and is meaningful for uniform identity authentication and resource access control. It is of great significance for the development of distributed collaborative environment systems based on Web Services. The work in this thesis focuses mainly on the following aspects.

First, the thesis analyzes current access control technology and the relevant theory of RBAC.

Second, based on the characteristics of role-based access control in the Web Services-based distributed collaborative environment, and combined with unified login, the thesis proposes a new model, the DRBAC (Domain Role-Based Access Control) model, and gives a formalized description of it. DRBAC strengthens the authority constraints to meet security requirements, and a role in the model can span all the distributed collaborative applications. A role-based access control mechanism for the Web Services-based distributed collaborative environment is also implemented.

Third, the thesis designs and implements many access control policy management and publishing modules, such as an Axis2 intermediate module, an access control constraint module, an identity authentication module, a role-permission assignment module, and an LDAP storage module for user information in the model application. Simulation results show that the new model is more efficient and reliable than the old one and can provide effective protection of distributed cooperation environments.
Keywords/Search Tags: Role-based access control, Token, Web Services, Distributed cooperation environment, Access control model