The Research And Realization On The Web Service Access Control Based On The Attribute In The SOA Environment

Along with the middleware technology's unceasing development, web service system based on SOA increases day by day. Because the web service system based on SOA has many excellent characteristics including the loose coupling,the standardized service interface,and supporting each kind of message pattern,it suit multi-system and multi-service's distributional application environment, and already to become the present mainstream method to develop the web service. But, the illegal access from nonauthorized user and the safe transfer between services have seriously threated the AC security of the SOA, thus affects the widespread using of SOA.Regarding the access control of the distributional system particularly SOA construction system, the tradition access control model is difficult to satisfy the policy's flexibility and the security between the service transfer. This article proposed that using the attribute based access control model to solve the problem in this kind of system in order to realize the secure access. First, compared with tradition access control model, ABAC has the universality, is advantageous for the system integration.Second, the ABAC access control construction suits in the distributional system, the access control policy is flexible.Finally, ABAC has no integrate difficulty for application provider, it can reduce the integrated difficulty. At present ABAC already became the research hot spot for the web service system access control in SOA environment. As a result of XACML based on the XML language description access policy, which has the good all-purpose, the suitable distribution for SOA and the strong extension, therefore this article chooses the XACML to design and realize the SSO including the ABAC, which enhance the security of application and user in access control, realize fine grained access control for the service/page level, strengthen the flexibility and universality of the access control policy, lay the foundation for the web service authentication system in the SOA environment. The mainly innovative work has the following three spots:1. To enhance the interoperability security of the distributional web service system in the SOA environment. Using ABAC in the SSO can add the access control based on the user attribute, resource attribute, environment attribute and so on, improve application's security effectively.2. To realize the access control policy based on the service/page. It can aim at the web service's basic composition structure - service to design the access control method for the web service in the SOA environment, formulates access control policy based on the service and page, realize the business relation description, and achieve the fine grained access control for the services in single system.3. To increase the flexibility and universality of the access control policy. XACML use the XML to describe the access control markup, and using the XACML language to describe the subject/object's attribute and the access policy separately, carries on the global administration and realizes the policy combination, which enables the access control policy to have the very good compatibility and can realize the flexible access control.