With the development of cloud computing, the security of cloud storage, as the basis of data services, is attracting more and more attention. Based on the distributed, multi-domain, and multi-tenant characteristics of cloud storage, combined with access control technologies, this paper sets up Role-based Access Control using Ontology and Domains in Cloud Storage (DOnto_RBAC), which can provide a concise and effective access control strategy for cloud storage service providers (ISPs). According to the characteristics of access control in cloud storage, and based on the standards (CDMI), this paper adds domains and time constraints on roles to RBAC. Using ontology technology and the OWL language, it also establishes an ontology access control model and describes the DOnto_RBAC entities and strategies in order to realize reasoning over multi-domain access control permissions. We implemented our access control management in Python and established a RESTful API. With requests issued as RESTful commands, DOnto_RBAC is implemented in the Swift cloud storage environment, and validation shows that it can effectively manage distributed, multi-domain cloud storage data.
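A minimal illustration of the domain and time constraints on roles described above, as an added example that is not the paper's DOnto_RBAC implementation. It uses plain Python rather than ontology or OWL reasoning, and every name in it (`RoleAssignment`, `is_allowed`, the sample users, roles and domains) is a hypothetical assumption.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class RoleAssignment:
    user: str
    role: str
    domain: str   # domain (tenant) in which the role is valid
    start: time   # role is active from this time of day ...
    end: time     # ... until this time of day (may wrap past midnight)


# Constructed sample policy: role -> permitted (action, resource type) pairs.
ROLE_PERMISSIONS = {
    "reader": {("GET", "object")},
    "editor": {("GET", "object"), ("PUT", "object"), ("DELETE", "object")},
}

# Constructed sample assignments (hypothetical users and domains).
ASSIGNMENTS = [
    RoleAssignment("alice", "editor", "domain-a", time(8, 0), time(18, 0)),
    RoleAssignment("alice", "reader", "domain-b", time(0, 0), time(23, 59, 59)),
    RoleAssignment("bob", "editor", "domain-a", time(22, 0), time(6, 0)),
]


def role_active(assignment, now):
    """Time constraint: is the role inside its daily activation window?"""
    t = now.time()
    if assignment.start <= assignment.end:
        return assignment.start <= t <= assignment.end
    # Window wraps past midnight, e.g. 22:00 to 06:00.
    return t >= assignment.start or t <= assignment.end


def is_allowed(user, action, domain, resource_type, now):
    """Default deny: allow only if a role that is active now, and assigned
    in the resource's own domain, grants the requested action."""
    for a in ASSIGNMENTS:
        if a.user != user or a.domain != domain:
            continue  # a role held in one domain grants nothing in another
        if not role_active(a, now):
            continue  # role exists but is outside its time window
        if (action, resource_type) in ROLE_PERMISSIONS.get(a.role, set()):
            return True
    return False
```
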