| Web Service-based enterprise application integration (WS-based EAI) is a trend of EAI technology. However, access control security is an urgent problem to be solved in WS-based EAI's practical application.The paper makes two major contributions: firstly, an execution-oriented access control model (EUOAC) is designed and implemented; secondly, WS-based EAI architecture with access control security mechanism is established to provide an effective support to the EUOAC model, then the architecture's functional modules are also implemented.Aiming at the access control security problem in the WS-based EAI architecture, many access control models are analyzed. Then, Web Service security methods and other related technologies are also researched. Based on the former work, according to features of enterprise structure and business process, an execution-unit oriented access control model named EUOAC is proposed to satisfy the needs of enterprise application, which supports role mechanism, decreasing the complexity and difficulty of permission management. EUOAC has the function of active and dynamical authorization which contends the authorization needs when business process executes. Meanwhile, proper and relatively perfect constraints are introduced.Based on the existing enterprise application integration systems and web service standards, a standard pattern of WS-based enterprise application integration architecture with access control mechanism is constructed named ACS-WS-EAI(Access Control-secure WS-based EAI), which can implement access control when business process executes. The ACS-WS-EAI is a loosely coupled integration system that is flexible and extensible, makes various systems to be integrated neatly. ACS-WS-EAI is also flexible to support real-time dynamic choices, integration and nesting of web services.The ACS-WS-EAI solves the access control problem from the business process perspective and introduces the access control mechanisms, adding the access control module based on EUOAC into the architecture. It associates EUOAC with the WS-BPEL business process engine. At the same time, ACS-WS-EAI sets up access control spots to combine the authorization with business process execution. It also provides a convenient access control policy configuration interface for enterprise security administrator.Finally, the EUOAC model and ACS-WS-EAI system are implemented and tested. The result shows that the EUOAC model meets the requirement of the access control security in WS-based EAI architecture; meanwhile, The ACS-WS-EAI can support the collabrateion of EUOAC and WS-BPEL engine. It ensures the resource security when the system works. |
PDF Full Text Request