SaaS Access Control Model Research And Application

The traditional software development with high cost and long development cycle cannotmeet the increasing need for software service. The advent of SaaS model solves theseproblems about high cost, long development cycle and maintenance of software. Because ofmulti-tenant in SaaS model, under which multi-users can use the same database’ licensessimultaneously, the users doubt the security of SaaS, which restrict the development of SaaS.SaaS’s resources are highly centralized than that of traditional network system, but underthe access control management of SaaS, there exist some problems such as managementdisorder and ambiguous responsibility. Based on the features of SaaS model in conjunctionwith the characters of user layers in system and need of system sensitivity information for roletime constraint, the paper proposes the SaaS-RBAC access control model, which meets therequirements of role layer-management and role time constraint in SaaS access control andimprove the access control security in Saas platform. The followings are the contents of thispaper:(1) Study SaaS control access model, analyze the requirements of SaaS control access,and understand the principle of work of mechanism and model of control access, and parsethe model.(2) Study RBAC extended model with time constraint and hierarchical management.According to the features of system user, managing the users by layer does not only solves theproblem about role naming confliction but also makes user perform its own responsibility,which conforms to the enterprise management model. Introducing time constraint with role,which focus on the systems in which have higher need for security, restricts the use of rolesand prevent abusing of authority. With time constraint, role can only work in certain timerange or under certain circumstance, which improve the system safety.(3) Implement the improved SaaS access control model. Based on the entire flow ofservice for users, this paper implements SaaS access control through the user access layer andthe access control layer and application service layer. The user access layer as externalinterface accepts the access from users, and the access control layer manages the operations of users, and application service layer manage the service of registering, auditing and managingfrom providers, and the tenant service for enterprise user.(4) Design and implement SaaS access control management system. Based on theimproved SaaS access control model, using the example of village affair opening, design anddevelop SaaS access control management system, and implement security access control ofthe information of SaaS.