
Research On Service-Oriented Role-based Access Control

Posted on: 2008-03-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Hang
Full Text: PDF
GTID: 2178360218452798
Subject: Computer application technology

Abstract/Summary:
With the development of information technology, service-oriented architecture (SOA) is used more and more because of advantages such as high efficiency, fast response and low cost. As an important way to implement SOA, service composition is receiving increasing attention. However, the loosely coupled and dynamic nature of SOA makes security management more complex. Access control, one of the most important security technologies, faces tremendous challenges. It is therefore very important to research service-oriented access control, and even access control oriented to service composition.

In this paper, the development of access control technology is first reviewed, and several access control models and their characteristics are introduced. In the discretionary access control model, assigned permissions are hard to control because of its independence characteristic. The mandatory access control model performs access control strictly according to security rank; although it provides a higher level of protection, it lacks flexibility. The role-based access control model is flexible and makes permission management easy, but it cannot revoke dynamic permissions. The task-based access control model can provide dynamic security management and can satisfy the integrity constraints of a task, but the trustee-set in TBAC consists essentially of users, not roles.

To overcome these shortcomings of the traditional access control models, PS-TRBAC, a service-oriented role and task-based access control model supported by enhanced permission constraints, is proposed. In the model, the notion of services is used to describe the dynamic service-oriented architecture. The enhanced permission-set, which binds task and permission, makes authorization and constraints easy to handle in security management. By combining RBAC and TBAC, the model can ensure that the time for which an authorization is valid is synchronized with the execution time as far as possible, and that the least permission principle and the dynamic duty separation principle are observed. It can provide flexibility in the access control system and enhance system security based on the state of the task and the service. The model is therefore better suited to SOA security systems.

Next, the effect of PS-TRBAC in service composition is analyzed, and the way to describe PS-TRBAC using Business Process Execution Language (BPEL) is introduced, which addresses access control in a service composition environment.

In the implementation section of this paper, a prototype system based on PS-TRBAC is designed and implemented, including the design of the system architecture, the modeling based on the Unified Modeling Language (UML), and the design of the basic modules and the database.
Keywords/Search Tags:Service-Oriented, service composition, role, task, access control, enhanced permission constraints, Business Process Execution Language