The Research And Application Of The Software-as-a-service Model

In this thesis, firstly, I discussed the knowledge of the software as a service system, and its applications in nowadays. Later, I introduced the permission management based on the Role-Based-Access-Control model in details. To take this system into practice, I use the MVC model.In this system, I used the theory of software as a service system, and developed some applications, such as project-management, bug-management and so on. By developing some applications in a platform, the system could be used by a lot of companies, and need a complex permission management system. This system is a small SaaS system. By using this model, customs needn't to go to each software company to buy some software, only need to buy some applications in this system, register and land.The author focus on describing the model of RBAC (Role based Access Control) used in SaaS platform. SaaS platform is a complex human-machine interaction system; each of the specific areas may be security threats.To construct robust rights management system, ensuring the security of management information systems is important. Rights management system is the management information system, in which reusable code module is the highest. Related to competence, any application system is inevitably related to competence. As a relatively successful model of rights management, RBAC has held a great deal of attention.In the thesis, the author's work reflects from the follows:1) Firstly, descripting the model of SaaS and it's application at home and abroad, and comparing the model with traditional software.2) Secondly, comparing of three access control policy:Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Role-Based Access Control (RBAC) three security access control technology. And discussing their advantages and disadvantages. And focusing on the concept and implementation approach of RBAC theory3) The author focuses on discussing about permission management in SaaS model, especially about Multi-application Rights Management.4) In order to realize the system, the technology used in the system is launched in the essay. System uses the traditional three-tier development model. In Database designing, the system uses XML technology, and also API designing.The Analysis, design of RBAC model is depicted in details in the essay. This model has a high safety, more stringent access control and reduce development and maintenance costs, and so on, advantages. So, it has a good prospect.