The Research On Security Model Of Service Computing Based On Policy

Service computing is a topic of industry and academia which is paid attention to in current time.One of its priorities is to support the openness of the system in a standard way, and then it makes therelative technology and system have long-term vitality. Service-oriented architecture andservice-oriented computing technology is a milestone which identifies the progress in the field ofdistributed system and software integration of technology. The current mainstream implementationof SOA is web services technology. Web services becomes more convenient in realizing resourceaccess based on web users. But some important resource is likely to be exposed to the outside at thesame time, which can cause a serious safety hazard for resources in accessing and acquiring legally.The main work of this paper is as follows:Firstly, service oriented architecture, web services and related technologies were studied, theweb services architecture and its characteristics were also analyzed including web services securityspecification, such as SAML specification, WS-Security specification and XACML specification,and the core technology of the web service was discussed such as WSDL, UDDI, and SOAP. Thenthe advantages and disadvantages of these security specifications and technologies were analyzed.The paper studied security, trust, privacy and all kinds of new services in the computing platform.SaaS, XaaS and cloud computing were consisted.Secondly, semantic web services architecture was studied, and semantic web service descriptionlanguage and OWL-S top-level ontology structure were analyzed in detail. Semantic web servicesrelated technologies were also researched including context-aware service matching techniques andcorresponding techniques based on semantic; the semantic web service matching algorithm wasstudied in a focal point. The relationship between the ontology services was analyzed, and thespecific process of finding by service provider and service requester was also given. Servicesmatching idea was analyzed and researched, then the concept of matching service was clearlydefined, the tone to match, the statute of the match and local match were defined successively, andthe realizing process of the service computing matching algorithm was designed.Thirdly, policy description language–XACML was analyzed, using the example of securitypolicy expression assertion in the WS-Security policy specification. Policy access control algorithmin services computing environment was researched, XML technology is adopted to achieve thepolicy confidentiality protection, and policy set was used to describe the situation which would bereferred at the same time to prevent the disclosure of unauthorized information. Policy access controlprinciples and the characteristics of strategic management framework were analyzed, and the policy combination algorithm and policy decision algorithm were focused on, the policy decision model,the XACML context model and the policy language model were presented. According to relatedmodels, the access which is the subject to the object can be more flexible to control in the applicationof the access control policy, and the diversity of access control, flexibility and multi-strategy supportcapabilities can be greatly improved.Lastly, service computing security model was researched and designed, and the structure ofrole-based access control model (RBAC) was also analyzed. The granted role was assigned to usersby adding policy expressions based on RBAC model. Then policy of authorized subject, policy ofobject, policy of role inheritance, policy of role allocation and action policy were analyzed in detail.Attribute-based access control model (ABAC) was studied to make authorization decision based onthe properties of the participating entities, and to determine whether the subject can access resourcein particular environment by the policy rules, so the multi-valued attributes and multi-rulecombination algorithms can be supported through the expansion of the model. The task-based accesscontrol model (TBAC) was researched from the environment of the workflow to analyze informationissues which were related to security. Policy-based access control model (PBAC) was researched anddesigned in an important way. PBAC model provided a dedicated policy management module foraccess control which is conducive to the formulation and management of policy. The achievementcharacteristics of PBAC model was researched through the instance of basic policy and meta policy.Compared with other security models under service computing environment, the model cancompensate for their lack of them and achieve the security management needs in the enterpriseapplications of access control.