| SaaS is an Internet-based software services pattern.In this pattern,user data is stored and managed uniformly by the service provider,thus there is a need for an effective resource-oriented access control mechanism to ensure the independence and security of user data.This paper proposes a SaaS-oriented access control model and pulls out the access control module from the specific business logic and implements an access control component which can provide service via HTTP protocol.This component not only improves the reliability of access control in SaaS services,but also enhances the reusability and flexibility of access control module.In particular,this paper includes the following three aspects:Proposal of a SaaS-oriented access control model.When applied to SaaS services,the traditional RBAC model cannot meet the need of multi-level access control while it also lacks more fine-grained data permissions.The SRBAC model is a new model proposed by this paper which extends and optimizes the traditional access control model and realizes the layer-management and differentiated customization of access control.At the same time,the model adds an element called data rules to expand the permission element,which meet the needs of data security for SaaS tenants.Design and implementation of access control component.Based on the SaaS-oriented access control model,this paper does the requirement analysis for the component.Then,it designs the overall structure and the functional structure and describes the implementation scheme of the specific functional modules.Finally,it implements an access control component which provides web service in REST mode.Application and verification of access control component.This paper describes the application method of the component in detail and applies it into multiple services of a SaaS platform.At last,it verifies the validity and reliability of the component from two different perspectives,the tenant access control and the platform access control. |
PDF Full Text Request