Distributed system access control method based on component and access control system

A distributed system and access control technology, applied in the field of multi-program devices and the like. It addresses insufficiently fine-grained access control, authorization that ignores other user attributes, and the lack of interfaces and standards, in order to achieve safe and reliable query and response, avoid duplicated development, and reduce development costs.

Inactive Publication Date: 2009-04-01
INST OF SOFTWARE - CHINESE ACAD OF SCI
0 Cites, 23 Cited by

AI Technical Summary

Problems solved by technology

[0004] 1. Access control granularity is not fine enough
Most traditional access control models consider only one specific attribute of the user when authorizing and ignore the other attributes, so users with the same value for that attribute have the same access rights.
[0005] 2. The cost of implementing multi-strategy support is too high
[0006] 3. Poor extensibility
[0008] 5. It is difficult to meet the access control requirements of distributed systems
At the same time, PERMIS also has some shortcomings. For example, PERMIS integrates authorization management and access policy management, and its management mechanism lacks loose coupling, which does not conform to the componentized system development model. It also lacks extensive support for application scenarios, and it is difficult for it to provide a general access control interface.
It is worth noting that the Cardea project also has some problems that need to be improved. Since the goal of Cardea is only to provide a secure distributed environment for dynamic resource access across management domains, it lacks interfaces and standards for effective integration with various other systems. As a result, peripheral components cannot be freely replaced or removed when functionality is extended in the future, which is especially important in large-scale distributed systems.


Examples


Specific embodiment

[0079] 1. The standard authorization decision interface (LOIS ADI) implements a general authorization interface that supports multiple information formats, and the application server requests access control services by calling this interface. The other function of the standard authorization decision interface is to convert the access control information into a decision request format conforming to the XACML specification and submit it to the policy decision service. Because some interfaces are not fully compatible with the format described by XACML, the definitions of some data structures and services can be extended and modified during implementation, so that they work with the XACML specification and preserve the expressive power of XACML.

[0080] The authorization decision interfaces in LOIS ADI mainly include the following categories:

[0081] 1. Subject-resource-behavior-environment category: The application calls the interface by specifying subject informa...


Abstract

The invention discloses a component-based distributed system access control method, and belongs to the technical field of computer software. The method includes the following steps:

a) a user initiates an access request;
b) a standard delegation decision interface obtains the user property information in the access request, converts the user property information into a strategy decision request and then submits it to a strategy decision server;
c) the strategy decision server searches the existing strategies according to the strategy decision request and obtains a strategy matched with the strategy decision request;
d) if the strategy decision request lacks user property information needed by the matched strategy, the strategy decision server calls a property searching module to search for the needed user property information and update the strategy decision request;
e) the strategy decision server makes a decision according to the updated strategy decision request and the matched strategy;
f) the standard delegation decision interface authorizes or ignores the access request of the user according to the decision.

The component-based distributed system access control method can be used for the access control of distributed systems.
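Steps a) to f) of the abstract, together with the request conversion described for the LOIS ADI, sketched as an added example that is not code from the patent. All function names, the policy format and the sample data are hypothetical; the decision values follow XACML's Permit / Deny / NotApplicable.

```python
# Constructed sample data (hypothetical): one policy and an attribute store.
POLICIES = [{"resource": "payroll-db", "action": "read",
             "required": {"role": "hr-manager", "department": "finance"}}]
ATTRIBUTE_STORE = {"alice": {"role": "hr-manager", "department": "finance"},
                   "bob": {"role": "hr-manager", "department": "sales"}}

def adi_build_request(access_request):
    """Step b: reshape the application's request into a decision request with
    XACML-style subject / resource / action / environment categories."""
    return {
        # "id" is written last so supplied attributes cannot override it.
        "subject": {**access_request.get("attrs", {}), "id": access_request["user"]},
        "resource": {"id": access_request["resource"]},
        "action": {"id": access_request["action"]},
        "environment": dict(access_request.get("env", {})),
    }

def find_policy(req):
    """Step c: find the policy that matches the resource and action."""
    for policy in POLICIES:
        if (policy["resource"] == req["resource"]["id"]
                and policy["action"] == req["action"]["id"]):
            return policy
    return None

def lookup_attributes(subject_id, names):
    """Step d: attribute lookup; returns only what the store actually holds."""
    known = ATTRIBUTE_STORE.get(subject_id, {})
    return {n: known[n] for n in names if n in known}

def pdp_decide(req):
    policy = find_policy(req)
    if policy is None:
        return "NotApplicable"
    missing = [n for n in policy["required"] if n not in req["subject"]]
    if missing:  # step d: fetch what the matched policy needs, update the request
        req["subject"].update(lookup_attributes(req["subject"]["id"], missing))
    # Step e: an attribute that is still missing never satisfies the policy.
    ok = all(req["subject"].get(n) == v for n, v in policy["required"].items())
    return "Permit" if ok else "Deny"

def adi_enforce(access_request):
    """Step f: fail closed; only an explicit Permit authorizes the request."""
    return pdp_decide(adi_build_request(access_request)) == "Permit"
```

Attributes passed in `attrs` are taken at face value here, so the sketch assumes the calling application server is trusted to assert them; anything it omits is resolved by the lookup step.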

Description

Technical field

[0001] The present invention relates to a distributed system access control method and access control system. More specifically, it relates to an access control method and an access control middleware system that are based on Web Service technology and are designed, developed and deployed using component design ideas and methods. It belongs to the technical field of computer software.

Background technique

[0002] With the popularization of computers and the use of the Internet, the interaction between computers has become increasingly frequent and diverse, and access control issues have received more and more attention. However, most of today's access control systems are closely tied to applications and lack an abstraction of the access control model and of the implementation of the access control process. How to ensure the correctness, reliability and ease of use of these access control systems that are strongly related to the underlying applications has become one of t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/46
Inventor: 吴槟, 冯登国, 张立武, 王雅哲
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI