Research On Technology Of Cross-domain Access Control On E-government Cloud Based On Classification

Currently cloud computing has become the focus of the global information industry revolution. National governments pay high attention to the cloud computing technology,and have launched their own plans for the development of cloud computing. Because of the characteristics of cost savings, centralized management, reducing terminal user management burden, regulating data flow easily and so on, cloud computing technology not only has developed rapidly in the civil and commercial environment, but also has got powerful promoted in the e-government. E-government cloud is servicing people,improving the government affairs in all kinds of function and promoting the informatization process of the e-government with the unique advantages of cloud computing. While applying cloud computing to the e-government also has inevitable security threats, such as single access control mechanism, granularity coarser,heterogeneity of cross-domain access control, and the mechanism of management and maintenance of user information is imperfect and so on.E-government system must meet the requirements of hierarchical protection standards at present. How to make existing users of e-government systems seamless migrate to e-government cloud system and implemente security access in cross-domain based on the users classifications is a hot and difficult problem of e-government cloud.Since the access control fine-grained is not enough while users sharing resource during e-government cloud cross-domain, a cross-domain access control scheme based on user's classification was proposed. The scheme adoptes a typical cloud computing access control mechanisms-Identity and Access-Control Management(IAM), implementes the assertion attribute authentication based on classifications of users. Finally, a cross-domain system for cloud computing environment based on Shibboleth and secure component keystone of Open Stack is built. And the feasibility of the scheme is proved by the test for comparing the tokens between inter-domain and outer-domain of a user.In this paper, the cloud computing cross-domain access control scheme is proposed. And it eliminates obstruction caused by the different structure of the original e-government and cloud platform during resource sharing and provides a fine-grained cross-domain access control mechanisms.