
Research On The Security Technologies Of Cross-domain Access

Posted on: 2016-06-24
Degree: Master
Type: Thesis
Country: China
Candidate: C M Li
Full Text: PDF
GTID: 2348330479453440
Subject: Information security

Abstract/Summary:
With the development of cloud computing technology and the growing scale of networks, more and more enterprise groups build a private cloud environment on their own, or jointly build a community cloud environment, to achieve reliable data sharing and interactive access. Because cloud environments are distributed, application service providers that belong to the same group but to different institutions are often located on different servers and in different domains. Furthermore, as the links among different groups deepen, a user's access is no longer limited to application services in different institution-domains of the same group-domain, but also involves different group-domains. How to give users secure and convenient cross-domain access in the cloud environment is therefore a problem to be solved.

This paper mainly studies cross-domain problems in a community cloud environment jointly built by multiple groups, and analyzes cross-domain access from two aspects: identity authentication and access control. To solve the problem of cross-domain access among different institution-domains within the same group-domain, this paper puts forward an identity authentication model based on centralized identity authentication and single sign-on, and a distributed authorization model in which institutions are autonomous. In the identity authentication model, the global authentication system in the group-domain is responsible for the unified identity authentication of users, and it realizes single sign-on for users' cross-domain access. The global authentication system uses SAML to transmit users' identity authentication information and role information among different institution-domains. In the distributed authorization model, each institution is responsible for authorizing the authenticated users, and it uses the XACML protocol to realize RBAC-based access control in the institution-domain.
To solve the problem of cross-domain access among different group-domains, this paper puts forward a model of cross group-domain access in a federated environment. This model builds on the model of cross-domain access among different institution-domains. Each group-domain opens part of its roles to the other groups in the trust circle. Moreover, the target group-domain hands the authentication of users over to the users' source domain, and the source domain passes the users' authentication information among different group-domains through the SAML protocol.

The cross-domain access model can effectively solve the problems of identity authentication and access control when users access resources across domains in the cloud environment. The model also provides a safe and convenient way to safeguard the security of data sharing in a community cloud environment.
Keywords/Search Tags:The cloud environment, Cross-domain, Identity authentication, Access control