基于XACML的服务授权中心的设计与实现-计算机软件与理论专业论文.docxVIP

摘要 随着信息技术的高速发展，面向服务的架构(SOA)的出现极大地提高了软件开 发的效率，但同时由于 Web 数据与资源共享程度的不断提高，资源的安全问题却 变得越来越严重，如何支持分布式环境中动态访问控制方法，以及如何对众多的、 不同的资源进行统一的、高效的授权策略管理已经成为当前 SOA 发展的制约因素。 本文工作来源于某国家预研项目。在基于 XACML 规范设计了一个基本授权中 心的模型，详细分析了该模型的工作流程，并进行了相应的类设计以及数据流图 设计，实现了各个功能模块，最后通过结合具体应用实例，分析并测试了该模型， 演示了该系统预期的简化运行步骤，验证了基于该模型的授权决策的可行性和安 全性。 本文通过设计与实现基本授权中心，发现了基本授权中心创建策略的复杂性、 评估效率低下和静态评估缺少灵活性与正确性的问题，在基本授权中心模型基础 上提出了类自然语言编写策略的可视化策略编辑方案、多重缓冲机制和引入操作 需要和安全风险的动态评估机制。 关键词：XACML SAML 多级缓存 操作需要 安全风险 Abstract With the rapid application of information technology and the advent of Service Oriented Architecture (SOA), the efficiency of software development has been greatly improved. However, the continuously increasing share level of Web data and resources, meantime, results in the growing seriousness of resource security. So how to support dynamic techniques of access control used in the distributed environment and exercise management over diverse resources in a unified and efficient way have become one of the most restraining factors in the current SOA development. This paper comes from The National Defense Pre-Research Foundation of China.This paper proposed an authorization service center model based on XACML and elaborates its design and implementation. Firstly, it analyzes the work flow of this model and designs the corresponding class diagrams and data flow graphs. Secondly, it implements each functional components of the model. Finally, the paper, by combining with applicable examples, tests the model to demonstrate the expected simplified operating procedure of the system and verify the feasibility and security of the authorization policies base on this model. The paper studies the problems of the complexity of constructing the policies, the low efficiency of evaluation and the lack of flexibility and correctness of static evaluation of the authorization center. Based on these researches, this paper proposed the visual editing policies written by natural language and the mechanism of multiple buffering,