| Computer supported collaborative Design (CSCD, CSCW in Design) is animportant research field of computer supported cooperative work. Collaborativedesign support multiple times on separation, the space distribution of work anddependent on cooperative members work together. In the design process, thetask set is dynamic, task correlation or scheduling. Collaborative design systemmust ensure that the legitimate user at the right task time have the ability toaccess data, illegal user requests should be stopped. So the access controlbecomes an important topic in the research of collaborative design system.access control models at present mainly include: Discretionary AccessControl(DAC), Mandatory Access Control(MAC), Role Based Access Control(RBAC),Task Based Access Control (TBAC), and Attribute Based AccessControl (ABAC). DAC and MAC are both passive access control model and it isdifficult to adapt to the complex distributed environment. RBAC introduces arole between users and authorization to realize the logical separation of user andpermission. But RBAC lacks a description to subject, object as well as contextso that it can not adapt to the dynamic access control system. TBACimplementing access control at the angle of task, is a kind of access controlmodel based on the context, but it can not fine-grained implement the dynamicaccess control system in the Web environment. ABAC is an access controltechnology based on subject and object attributes and it can determine whetheruses have a privilege to access by considering the requester attributes at the time,resource attributes and the environmental attributes at that time. So ABAC canadapt to the complex dynamic authorization access control in Web servicesenvironment.(1) Due to the collaborative design process which having dynamic changecharacteristics in the process of design, this paper proposes a dynamic accesscontrol model(CSCD-ABAC), which is suitable for collaborative design accesscontrol,to extend the attributes based on access control model. In this paper, it formally describes the design subject, design object, design environment anddesign action and defines the access control rules and strategy. The taskinstances DTI is introduced in the model and it dynamically describes theinfluence the task instance state migration having on access control as thecontext properties of ABAC so that it can dynamically determine the accesscontrol permission through the change of environmental attributes.It alsodescribes the rely constraint relation among design tasks in task instances as thestrategy decision rules in permission distribution to implement the real-timedynamic access control of collaborative design.(2) Based on the analysis of the model process, this paper designs the PEP、PDP、PAP and PIP function module、function description and the workingprocess of each unit.(3) Using the Web Service technology、the SOAP protocol and the SAMLand XACML technology. Through a SOAP to call Web Service on the client side.Creating the attributes and the rules. |
PDF Full Text Request