| With the wide use of Internet and service oriented architecture (SOA), the emergence of e-government, e-business, and enterprise portal applications such as increasing, some business information service only permit authorized users access to, so have the proper way prevent these applications of unauthorized access. Service oriented architecture has very many advantages, for example, very fast development speed, a very low cost, very good flexibility, etc; therefore, this structure is more and more widely used in various fields of applications. However, due to the service oriented architecture can realize low coupling software system, and can realize dynamic calculation, though the system structure have these advantages, yet it brings safety management difficulties. In service oriented architecture environment, because this service is dynamic, common independent access control (DAC), mandatory access control (MAC) and role-based access control (RBAC) traditional access control mechanism, already can not meet the environmental requirements of SOA, resulting in access control strategy management is very complicated. In SOA under large open a distributed system, a potential user very much, and there are many unpredictable users, therefore, role-based access control (RBAC) model has some defects, not be able to handle the SOA open of distributed system requirements.In order to simplify the service oriented framework of access control strategy management, this paper put forward based on attribute of access control model (ABAC) and role-based access control (RBAC) combined with the model of a new type of access control model, simplified the SOA-ARBAC authorized, also simplifies the access control strategy of maintenance and management, especially simplifies the SOA within the organization under different heterogeneous attribute authorized strategy of maintenance and management.This paper firstly introduces the research background and meaning. Then, this paper introduces the traditional access control technology, and expounds several primary access control model and their characteristics. Then, on the analysis of existing defects of the access control model was put forward on the basis of a new kind of access control model of SOA-ARBAC, gives the system structure of this model, and introduces the formalization of the model, presents system use case diagram, designs and implements the system modules, discusses the dynamic authorized process of the model. The access control model of SOA-ARBAC is used in zhongtai sunshine customer relationship management system, and has obtained very good operation effect. Practice has proved that compared with other access control mechanisms, SOA-ARBAC model has higher flexibility and more fine granularity, the model is dynamic, and the authorization of the access control model is practical and simple. Also, through this model, the authorization strategy for the heterogeneous attributes in service oriented architecture can be simplified. |
PDF Full Text Request