The Research And Design Of Access Control Model Based On Attribute In The Web Services

With the rapid development of global informatization and distributed network technologies, in order to deal with the the issue of internal resource sharing in enterprises and institutions effectively, it has become a trend of using information systems integration to unify the management of application services.Web services comparing with the traditional service mode (centralized or C/S), Its environment characteristics brought many challenges and new technical difficult problem to access control.In the process of System Shared services, services are inevitably involved in sharing and deployment among different domains, it is necessary to implement multi-domain access control management on Web Services, solving the problem of integration with service resources issue and different strategies. This article mainly studies several key problems about access control based on attribute:On the combination of XACML with PKI/PMI technology establish new access control model——access control based on PKI/PMI and XACML models, it is used to solve these problems about attributes establish and representation, attribute acquisition,laconic framework of strategies description, perfect model of strategy synthetizing, efficient security attributes communication protocol, easy to understand the general ontology. The new access control model can solve the access control problem of Web service information sharing and cross-domain visits. This paper main job as follows:1. This paper make a systematic analysis of the traditional based on attribute of access control model ABAC in the Web service, and combining ABAC access control framework and authorization model, to summarize the problems of ABAC ,which must to be solved.2. This paper make an in-depth analysis of XACML language standard, to summed up the the advantages and disadvantages of using XACML fulfill access control based on attribute for Web services.According to the disadvantages, combined with the XML encryption, XML signature, the SAML specification, and attribute certificate management of PKI/PMI technologies to create a new access control models——access control based on PKI/PMI and XACML models.3. Analysis the necessity and feasibility of campus information service system integration, by access control based on PKI/PMI and XACML models, and proving integration of campus information service system.In short, the content of the above research results and innovation not only solved a few key issues in the area of based on attribute of access control in the Web services, but also enriched the relevant theory, method and implementation technology of based on attribute of access control in the Web services.