
The Design And Implement Of Service Oriented Access Control System

Posted on: 2009-03-10
Degree: Master
Type: Thesis
Country: China
Candidate: Q L Zhu
GTID: 2178360278964164
Subject: Computer software and theory
Abstract/Summary:
As a new approach to software architecture, SOA is platform-independent, loosely coupled, and open. As a result, it has become the preferred solution for enterprise information integration. However, because of SOA's dynamic nature, the security problems it faces are more prominent. Authentication and authorization need to cross security domains, and services may be called by a large number of users in temporary security domains in an unpredictable manner. These characteristics place new demands on access control systems in service-oriented environments.

This paper analyzes the features of access control systems in the service-oriented environment and indicates the deficiencies of the traditional access control model. For the service-oriented implementation environment, we simplify the original attribute-based access control model, redefine it, and give a formal description of the model. We contrast it with the traditional RBAC model and analyze the merits of the attribute-based access control model in cross-domain security authorization and in reducing the workload of security management.

We design the framework of an access control system for the service-oriented environment, with the attribute-based access control model as the design goal. We design an authorization subsystem that conforms to the XACML architecture, and design the authorization algorithm. We study how to use XACML policy files to describe the attribute-based access control model and raise the problem of managing policy files, then design an LDAP-based solution and a policy management algorithm.

SAML is used in the design of the authentication subsystem to transfer attribute information. An attribute cache is implemented to make responses more effective. Test results show that the ACS system is feasible in a service-oriented environment.
Keywords/Search Tags:XACML, attribute based access control model, authorization policy management