A Unified Soa-based Permission Control Mechanism For The Research And Application

Enterprises build a series of Web application systems, but each system's right management is customized development, and tightly couples with application systems, it is difficult to achieve reuse of right management, and it brings inconvenience to the enterprises'unified user and authorization management. Role-based access control model RBAC is the most widely used access control model. Because user rights of modern enterprise always change, it is difficult to meet the changing needs of complex situations by adjusting roles to change users'authorization; At the same time, conflict resolution strategy of the traditional RBAC model is bad availability. In order to solve the above problems, this paper further extends RBAC model and proposes access control model based on user and role driven by inheritance and priority constraints IPC_URBAC, designs and implements a platform-independent, loosely coupled and easily extended unified right control mechanism based on SOA and Web service technology.First, this paper analyzes the advantages and disadvantages of the Discretionary Access Control DAC, Mandatory Access Control MAC and role-based access; control RBAC, verifies the RBAC model is more suitable for Web applications management. Second, analyzes the lack of RBAC model, extends RBAC model to IPC_URBAC model, gives the definition of inheritance and priority constraints, proposes individual and priority conflict resolution strategies, and gives calculation algorithm for calculating user rights. Third, designs and implements unified right control mechanism based on SOA and IPCU_RBAC model, analyzes the characteristics of unified access control mechanism, put forward a method to achieve integration with Web applications. Last, introduces the realization of unified access control mechanism in a CRM project the author involved in developing.IPCU_RBAC model adds user inheritance constraint to control availability of user authorization, and enhances flexibility of authorization; Designs inheritance and priority constraints, as well as individual and priority conflict-solving strategies to solve the user and role authorization conflict, which enhances security of model. Expansion of constraint and authorization can give research on RBAC model some reference value. Making use of Web Service to implement the security model based on the thought of SOA realizes the largest grained reuse of security model, makes access control independent of Web application system, realizes integration of different Web application systems by calling right service, and provides some new ideas for successful implementation of SOA.