| Dynamics, heterogeneity, distribution and complexity of SOA environment and Webservice bring not only more convenient, but also ghastly security problem for e-commerce,across enterprise applications and otherwise network services. This turns security of differentWeb services invocation and composition into currently researchful emphases in SOA. Asimportant technologies, service oriented authorization has been a critical issue and urgentlyneed for Web service research in SOA.Based on accurate analyzing the security and authorization requirement of oriented serviceinvocation and composition in SOA, this dissertation has explored much on key techniquesincluding establishment of oriented service authorization model, authorization implementationframework and authorization policy. The main research work shows as below:1. An Attribute and Policy-Based Service Authorization Model called APBSA is proposed.Due to the service oriented authorization requirements and the drawbacks of authorization inexisting methods, an attribute and policy-based service authorization model is presented. Thismodel introduces the concept of attribute, establishes authorization policy through service’sattributes, solves the service oriented authorization problem based on authorization policydescription and rules determination.Then, the formal definition of model is given, includingmain elements, relations, operations and rule functions. Also the characteristics and security ofthe model is analyzed. Moreover an instance is given to support the model.2. An APBSA based service authorization framework is designed. Aiming at theapplications of the APBSA for service oriented authorization, an authorization framework isbuilt which can support oriented service invocation and composition. The work process andauthorization process of framework are analyzed. The key technologies supporting theauthorization framework implementation are given, including service authorization discoveryand authorization attribute management etc.3. The service oriented authorization policy is researched. Aiming at the heterogeneouspolicy of service oriented authorization, the dissertation researches authorization policy basedon XACML, defines policy element and analyzes authorization policy matching process ofsercive invocation. Due to the authorization policy conflict in policy composition, a policyconflict detection algorithm based on rule state relativity of XACML is proposed. That iseffective to solve the policy conflict of service oriented authorization.4. Key modules of service oriented authorization are designed and realized. Based on theprototype system of “the key technologies research of authentication and authorization service”,service request module, service discover module and authorization management module are designed and realized for service authorization in SOA, sequentially research content isvalidated effectively. |
PDF Full Text Request