| SaaS is a new service model which delivers software to tenants, and it can save costof system maintenance. However, due to huge amount of tenants and shared data storage, itis worthy of considering how to get access control effectively and facilitating tenants’ datasharing. The study of the access control model for SaaS focuses on following three aspects:Firstly, combining role-based access control model, design an access control modelnamed T-ARBAC (Tenant-Administrative Role Based Access Control) to facilitate controland management of tenant platform. This model consists of two layers, one is accesscontrol layer of platform and the other is access control of tenant, so it has twomanagement types of users accordingly.Secondly, modify the access model above to support multi-domain security accesscontrol with security tag. It is useful to achieve good results using security tag annotatingdata. Obtaining appropriate security tags, user can retrieve data directly through thedatabase agent layer, without the need to obtain data across different systems, so accessefficiency is improved relative to traditional cross-domain access.Thirdly, show the detail of design and implement of the access control system. Andthe implement of escort service indicates that this access control model can solve theproblem proposed in the beginning.All in all, this new access model can get the user management efficiently, and the useof security tag can get the data sharing of tenant more efficient. |
PDF Full Text Request