Research And Implementation Of Cloud-service User Authentication & Authorrization Model

With the rapid evolution of Internet technology, big data and cloud computing has become the most competitive research hotspots in the Internet and its application is increasingly. As one of telecom operator provide cloud services. The scale of enterprise customers and cloud service increasingly now. The authority control model used by enterprise's cloud platform is only the core role-based access control model (RBAC), which has been insufficient for system requirement need to be improved. It is important for enterprise's cloud platform to confirm the scope of management and use of resources by different customers. It is also vital for customer owned privilege match with owned resource to achieve access control.This paper, based on the above considerations presented an improved User Authentication & Authorization Model named CSUA-MS.For the purpose improve existed user authentication & authorization model based on enterprise's cloud platform, and control customers'privilege reasonably. This paper analyzes and implements the user authentication module, user functional privilege management module and user data privilege module.The paper studies the User Authentication and Authorization Model is designed for enterprise business layer that provides cloud service. First of all, this paper studies the whole software architecture of the cloud service delivery platform of telecom operator, the microservice architecture used by platform; it is divided into four layers: view layer,control layer, persistence layer and CloudStack physical resource layer.The first three layers conform to the MVC design architecture, and they interact with the fourth layer using the message workflow mechanism to issue tasks and obtain feedbacks by CloudStack. Secondly, this paper studies Apache Shiro security framework and four improved RBAC models. Based on the business requirements of the enterprise business layer and the advantages of the four improved RBAC models, a new model named CSUA-MS is proposed. The implementation of user authentication module and user functional privilege management module combined with Apache Shiro. Meanwhile, the implementation of user data privilege module based on distributed database design as mainly character of microservice architecture. Finally, implement the three modules by coding. This paper implements the CSUA-MS model and applies it to the enterprise's cloud platform; the flexibility of the cloud platform's user module is improved and obtains good application effects.