Excerpt from the paper
Grid systems have a large number of dynamic users, and each autonomous domain has its own access control policy, so their access control requirements are both dynamic and autonomous. Based on attribute-based access control and the authorization requirements of grid systems, an attribute-driven multi-policy access control model (MP_ABAC, Multipolicy_supported Access Control based on Attribute) is proposed, and an MP_ABAC authorization framework is designed based on the ideas of inheritance and encapsulation and on the eXtensible Access Control Markup Language (XACML). The framework has considerable advantages for grid access control: it provides an open architecture for grid authorization systems and can integrate third-party attribute-based authorization systems.