域间授权互操作研究综述_王雅哲-附件.pdf

ISSN 1000- 1239PCN 11- 1777PTP Journal of Computer Research and De elopment 47( 10) : 1673- 1689, 2010 王雅哲 冯登国 ( 100 190) ( yz. wang@ is. iscas. ac. cn) A Survey of Research on Inter-Domain Authorization Interoperation Wang Yazhe and Feng Dengguo (State Key Laboratory of I nf ormation Security , I nstituteof Sof tware, ChineseA cademy of Sciences, Beij ing 100190) Abstract Distributed sy stem security is an important research field for the scene of mult-i domain cooperation that has been de eloped abundantly in recent y ears. During most pr actical cooperating processes, both de eloper s and administrators w onpt abandon the legacy sy stems of entitlement management and access control completely, but expect to hold the balance betw een authorization opening and rebuilding costs. Just in such background, authorization inter operation becomes a representati e research method. From multidimensional perspecti es, this paper focuses on carding and dissecting the pr ogress and e olution of the theory and technology of inter operation. For ex ample: from the perspecti e of inter-domain cooperati e architecture, the interopertion can be di ided into loosely-coupled pattern and federated pattern; from the perspecti e of security detection mechanism, it can be di ided into mediator-based scenario and mediator-free scenario; from the perspecti e of modeling approach, it can be di ided into arbitrary management ad ance modeling and request-dri en real time modeling; fr om the perspecti e of assisti e technology, it relates to trust-based, risk-based and semantic based assistance, etc; and from the perspecti e of policy integration le el, it can be separated into author ization management oriented integration and resource aggregation ori