| Web service composition can combine various web services distributed in the network according to certain rules,providing richer service content and realizing more powerful functions.In the composite service,the cooperation between each web service leads to cross-domain information exchange.Therefore,each web service system needs to protect its resources and data while providing services to users,so as to avoid leakage of sensitive information and privacy information caused by illegal access.Access control technology can solve the problems above.Traditional access control models such as discretionary access control,mandatory access control,and role based access control are not suitable for web service composition because of their lack of flexibility and cross-domain traits.Attribute based access control model can be applied to the distributed environment of web services because of its flexibility,cross-domain traits and dynamic characteristics.However,there are still some deficiencies in the application of attribute based access control model in web service composition:the storage of access control policies can easily lead to a policy explosion,which is difficult to apply to large-scale distributed systems.And when using the attribute based access control model to control the access process to a composite service,the phased and time-delayed nature of the composite service invocation process can result in a waste of time and system resources.Based on the attribute based access control model,this paper proposes an access control model M-ABAC that can be well applied to web service composition,elaborates on the working process of the M-ABAC model with examples,and designs experiments to discuss the feasibility and advantages of the M-ABAC model.The main research contents and innovations of this paper are as follows:First,we comprehensively analyze the applicability of the current mainstream access control model in web service composition,summarize the basic characteristics of the attribute-based access control model and analyze the advantages of attribute based access control method compared to other access control methods in web service composition.Second,according to the distributed characteristics of web service composition,the access policy table is proposed to describe the access control policy for the problem of policy explosion in attribute based access control model.And based on the access policy table,a new policy storage method is proposed—the distributed storage of access control policy.Finally,this paper designs an experiment to prove the advantages of the distributed storage of policy.Third,aiming at the characteristics of dynamic composite services and static composite services,we propose a conventional decision-making algorithm and a two-step decision-making algorithm for the decision-making in the process of access control.And a comparative experiment is designed to illustrate the necessity of the two-step decision-making algorithm.Fourth,this paper proposes the concept of master control mode for the problem of excessive pressure on the subject in the access control process of web service composition.The master control node can complete a large amount of work in place of the subject.In addition,the temporary storage point of subject attributes and the temporary parameters storage point in the master control node can store temporary information in the access control process to prevent the subject attribute authority from frequently interacting with the subject.The addition of master control node greatly reduces the pressure on the subject,making the invocation to the composite services more convenient and quick for the subject.Finally,on the basis of the above research,an access control model for web service composition—M-ABAC is proposed.We elaborate the access control process when M-ABAC is applied to web service composition and we analyze and validate the feasibility and advantages of M-ABAC through online shopping. |
PDF Full Text Request