服务网格中基于UCONB的授权决策模型
A UCONB-based Authorization Decision Model in Service Grid
作者:桂劲松(中南大学 信息科学与工程学院, 湖南 长沙 410083);陈志刚(中南大学 信息科学与工程学院, 湖南 长沙 410083);胡玉平(中南大学 信息科学与工程学院, 湖南 长沙 410083)
Author:(School of Info. Sci. and Eng., Central South Univ., Changsha 410083, China);(School of Info. Sci. and Eng., Central South Univ., Changsha 410083, China);(School of Info. Sci. and Eng., Central South Univ., Changsha 410083, China)
收稿日期:2007-07-02 年卷(期)页码:2008,40(6):133-139
期刊名称:工程科学与技术
Journal Name:Advanced Engineering Sciences
关键字:服务网格;授权决策模型;委托凭证;义务行为决策使用控制模型
Key words:service grid; authorization decision model; delegation certification; UCONB
基金项目:国家自然科学基金资助项目(60573127); 湖南省自然科学基金资助项目(06JJ5098); 湖南省教育厅科研基金资助项目(06A031)
中文摘要
针对基于义务行为决策的使用控制模型(UCONB)表达能力弱的缺陷,为了解决服务网格中决策组件与执行组件的合理分工以及独立授权过程的并发执行问题,提出了委托凭证作为决策结果的细粒度表达方式。改进与扩充了UCONB,将原来简单的访问状态改进与扩充为委托凭证处理过程的状态组合。决策组件能根据访问请求时的系统状态输出合理的委托凭证,也能根据随后的系统状态变化进行再决策以转换委托凭证的处理状态。实例展示表明新模型细粒度地表达了授权策略,输出了合理的决策结果,提高了决策效率。
英文摘要
In order to improve the capability of expression of the usage control model based on obligation action decision(UCONB), reasonably assign tasks of decision component and execution component, and simultaneously execute independent authorization processes in service grid, a delegation certification was presented to express a decision result in a fine grained manner.The UCONB was improved and extended, and the delegation certification processing statuses were defined to replace the simple access status. Decision component can make the reasonable delegation certification based on the system status when a request arrives, and also make decision to change the delegation certification processing status when the system status is changed. The application showed that the improved decision model can express authorization policies in a fine grained manner, export reasonable decision results,and improve the efficiency of decision processes.
【关闭】
