徐晓春,陆松年,杨树堂,蒋兴浩

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.05.028

2004-01-01

Abstract:One of the most important features of XML Web services is that they can easily accessed over the Internet. But the downside of this easiness is that security is compromised. This paper presents an access control system for Web Services. It uses XACML for the description of access control criteria based on the use of attribute certificate. The system takes full advantage of XML-enabled feature of Web Services and XACML access control decision model. Furthermore, the integration of privilege management infrastructure and XACML makes this system suitable for heterogeneous Web services.

JIANG Wei-chao,XIA Yang,HUANG Xiao

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.06.042

2005-01-01

Abstract:Web services, which adopt general protocol and technology, can be easily accessed by users and have been the research hotspot in distributed computing, but the downside of this easiness is that security is compromised. An access control system for web services is presented based on SAML and XACML, which uses SAML to single sign-on and introduces XACML to control the access of users. Based on SAML, XACML is imported to control the protected resources on web sites, and achieves the security of access control of web services.

Yi-qun Zhu,Jian-hua Li,Quan-hai Zhang

DOI: https://doi.org/10.5220/0002100404710474

2006-01-01

Abstract:A key challenge in Web services security is the design of effective access control schemes that can adequately satisfy Web services security requirements. Despite the recent advances in Web based access control, there remain issues that impede the development of effective access control models for Web services environments. One of them is the lacks of dynamic role management and attributes access control for Web services. In this paper, we present a dynamic attribute-based role-based access control model (DARBAC) to address the issues. The proposed approach introduces authorization group, which is used to dynamically manages roles and privileges, and attribute based access control mechanism which is used to protect the services and services parameters. We outline the configuration mechanism needed to apply our model to the Web services environments.

XU Feng,LIN Guo-Yuan,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.02.001

2005-01-01

Computer Science

Abstract:Security is currently one of the biggest concerns about future development of Web services. This paper brief reviews the state of the research for access control in the Web service environment. In this paper,we first discuss the way to study the access control technology from the protocol stack of the Web services. Then we discusscd the access control technology of XML documents and the SOAP protocol,as well as correlation standard. Finally,the conclusion is given and the problems are pointed out,which should be resolved in further reserach.

Xiangping Qin,Xing Li

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.06.019

2001-01-01

Abstract:The access control model of the Information Service of CCERT is a new attribute certifictate based access control model of distributed system. Through the analyses of the access control model based on the X.509 public key certificate,This paper introduces an access control model based on the attribute certificate according to the features of CCERT. Meanwhile It illustrates the realization of the model.

Feng Xiang,Gan Ling,Ni Kai,Zhang Chao

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.10.022

2007-01-01

Abstract:Authorization access control is an essential and important module in MIS.Traditional authorization control needs to be improved on coupling and reusability.A Web service based authorization access control method is designed.By abstracting the basic functions in the field of authorization access control,and setting the authorization intonation into a five-tuple table in database,the functions of authorizatin access control are separated.The authorization access control method is made to run as Web Service,and thus the model is of low coupling,high reusability,and can be easily used in different applications running on isomerism environment.

Zhang Yong-sheng,Wang Ying

DOI: https://doi.org/10.1109/NSWCTC.2010.113

2010-01-01

Abstract:The paper proposes a dynamic access control model for Web services that based on the trust-authorization -WS-TABAC model. A simple evaluation algorithm about trust is defined, which can calculate the trust degree of users easily. In WS-TABAC model, part or complete privileges can be achieved through the mapping relations defined between trust and authorization. Theoretical analysis and examples demonstrate that this model can better grant appropriate access privileges for different requestors and satisfy their need than the traditional access control.

X Feng,L Guoyuan,H Hao,X Li

DOI: https://doi.org/10.1109/cit.2004.1357221

2004-01-01

Abstract:This paper first briefly reviews the state of the security technology research and access control in the Web Services environment, and then presents a service-orient role-based access control model and security architecture model for Web Services. In this Security Architecture model, SOAP Proxy is employed to enforce access control for Web Services and security mechanisms are separated from the business logic. In this paper, a new technology is presented to implement the RBAC on the Web Services by designing the secure cookies and secure SOAP messages. Finally, the conclusion is given and the problems are pointed out, which should be resolved in further research.

霍远国,马殿富,刘建,李竹青

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.07.030

2010-01-01

Computer Science

Abstract:Web Services Resource (WS-Resource) consists of static Web service interface and dynamic stateful resource.According to the different characteristics of the two components,we proposed an Attribute-Based Two Level Access Control (2L-ABAC) on for WS-Resources.Attribute retrieval is essential for ABAC systems because they are based on their decisions on attributes of users,so 2L-ABAC employs access control policies publishing mechanism to inform users of the needed attributes.Access control policies of Web Services are static and those of resources are dynamic,correspondently two publishing methods,WSDL attachment and metadata exchanging,are adopted for each level respectively.2L-ABAC inherits from the ABAC model the capability of authorizing unknown users from other security domains,besides its flexibility due to the hierarchy design model.Moreover,this architecture can be implemented by extending the standard specifications such as XACML and SAML,so it has broad applicability for WS-Resource based systems.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

WEI Wei

DOI: https://doi.org/10.3969/j.issn.1006-4052.2010.20.038

2010-01-01

Abstract:Web Services brings lots of new security challenges for the traditional security model , in order to solve the security problem of Web services, we propose the RBAC model based on XACML and SAML,which through analyzing the XACML、SAML and RBAC, this model adopts XACML to control and interview the users, applies role to manage the authorization, uses RBAC to separate the users and authority, improves the flexibility of the authority management. Let the users which are different roles single sign -on successfully through SAML, the whole frame based on XML ensure the flexibility and expansibility of the model.

shaomin zhang,hongbian yang,baoyi wang

DOI: https://doi.org/10.1007/978-3-642-27287-5_94

2012-01-01

Abstract:For the problems of attribute elements maintenance difficulty and heterogeneous attribute of multi-domain in ABAC model, we propose the method of using ontology to maintain access control elements and distributed attribute management, which describe the logical relationships among attributes with OWL and introduce attribute mapping technology in access control decision-making. It can reduce the complexity of attribute management and raise the security of the cross-domain access. It makes up the defects in original ABAC model, and has a good reference to research the cross-domain access control.

CHEN Chuan-bo,PENG Chao-yi

DOI: https://doi.org/10.3969/j.issn.1007-130x.2008.01.011

2008-01-01

Abstract:Since XML is widely used nowadays,the need to provide controlled access to such information is imminent.The incredible amount of heterogeneous users on the Web also increases the difficulty of the authorization management.Based on the security feature of XML documents,we presents a credential-based XML access control model and its XML-based policy specification.Finally,we discuss the implementation of the model.

曾岫,彭宏,左国威

DOI: https://doi.org/10.3969/j.issn.1009-8526.2009.02.012

2009-01-01

Abstract:A role-based access control is designed in detail for the access control in the secure model of web service based on the expansibility of SOAP.We availably overcome the deficiencies of the tradition access control technology and decrease the complexity of authorization management.

马克,宋长新

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.27.028

2008-01-01

Abstract:Based on the research of Web security specifications, it put forwards a message level security model for the typical Web Services application. It provides both security transport of SOAP messages and an access control security. ' The model uses XKMS as a replacement of PKI and SAML assertion to exchange authentication as well as authorization information of users. The implement of the model depends on a message processing security.

曾岫,彭宏,左国威

DOI: https://doi.org/10.3969/j.issn.1007-1423-b.2008.10.002

2008-01-01

Abstract:Proposes a new role-based access control model on the basis of analysing the tradi-tional RBAC model.The model can efficiently overcome the shortcoming of the traditional model.It can decrease the complexity of authorization management and expense of manage-ment,and provides a better e-Environment for managements to realize security strategies.

Chen Guilin,Zhao Shenghui,Chen Haibao,Ji Chengchao

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.02.025

2009-01-01

Abstract:Current Web services security technologies are relatively independent.However,it needs an overall security design for the whole application integrating solution.An integrated Web services security model is proposed,where the formal definition of the model and the key implementation techniques are given.The model achieves following security targets:uniform identity authentication based on certification,role-based access control and secure SOAP message transmission,which makes the model have characteristics of openness and dynamic adaptation.A prototype system is developed based on this model,the running results show that it can achieve above three secure targets,and makes the whole system more secure than single security technology.

ZHU Yi-qun,LI Jian-hua,ZHANG Quan-hai

DOI: https://doi.org/10.3321/j.issn:1006-2467.2007.05.026

2007-01-01

Abstract:This paper reviews the existing research work of the security technology and access control for web services, and then presents a dynamic hierarchical role-based access control model for web services. In this paper, by introducing the notion of authorization group and mechanism of hierarchical access control, the model dynamically manages privileges and protects the parameters themselves. The model improves the flexibility and independence and expansion of access control for web services, and dynamically manages privileges, and provides a more perfect security mechanism for web services, and also effectively enhances the security for web services applications.

ZHAO Wei-gang,WANG Run-xiao,ZHANG Jin-rong,HUANG Wei

DOI: https://doi.org/10.3969/j.issn.1001-2265.2006.12.030

2006-01-01

Abstract:According to the requirement of enterprise sales management information system,the problems of management information system permission is analyzed and discussed,under the theory of role-based access control,an Access control model suit to WAN management information system based on user-role-page and menu is brought forward;and the access control process and realized method of the model is brought forward too.The access control model has been used in the WAN sales management information system,and it well completes the access control of the system.

ZHONG Jiang,HOU Su-juan

DOI: https://doi.org/10.3724/sp.j.1087.2010.02632

2010-01-01

Journal of Computer Applications

Abstract:Concerning the limitations of the application of traditional access control model in new generation credible Internet environment,such as the inefficiency in user-role assignment and the difficulty in cross-domain access control,a universal attribute-based access control framework was proposed.It took a unified method to dispose the attributes of users,resources,operations and running context,simplified the complex way of permissions determination in traditional RBAC and other access control modes,thus enhancing the versatility and flexibility of access control system.At the same time,authentication based on attribute certificates was applied in cross-domain access,policy evaluation and evaluation algorithm were also discussed,which could dynamically realize resource management and access control for users from different domains.In addition,the mechanism of the running context makes the framework more suitable to be applied in complex and dynamic Internet environment.