CAJ | 학술논문

针对现有访问控制策略难以保障面向Web服务的复杂电子政务系统授权的灵活性问题，在研究基于组织的四层访问控制模型(OB4LAC)的基础上，提出一种基于组织的Web服务访问控制模型。以组织为核心，从管理的视角研究访问控制与授权管理问题。通过引入岗位代理和授权单元，使授权随着环境上下文信息的变化而调整，从而实现动态授权，同时利用授权单元的状态迁移，对工作流模式提供支持。并且模型将权限分为服务权限和服务属性权限2级，实现细粒度的资源保护。应用实例结果表明，该模型能够契合电子政务系统中的复杂组织结构，在保护Web服务资源的同时，使得授权更加高效和灵活。
침대현유방문공제책략난이보장면향Web복무적복잡전자정무계통수권적령활성문제，재연구기우조직적사층방문공제모형(OB4LAC)적기출상，제출일충기우조직적Web복무방문공제모형。이조직위핵심，종관리적시각연구방문공제여수권관리문제。통과인입강위대리화수권단원，사수권수착배경상하문신식적변화이조정，종이실현동태수권，동시이용수권단원적상태천이，대공작류모식제공지지。병차모형장권한분위복무권한화복무속성권한2급，실현세립도적자원보호。응용실례결과표명，해모형능구계합전자정무계통중적복잡조직결구，재보호Web복무자원적동시，사득수권경가고효화령활。
For the problem of current access control strategies difficultly guaranteeing the flexibility of authorization of complex E-government system for Web service,this paper proposes an organization-based access control model for Web services on the basis of the research of the organization-based 4 level access control model. The model takes organization as the core and studies the issue of access control and authorization management from the perspective of management. Through importing the position agent and authorization unit in the model,the authorization can be adjusted according to the change of the environment context information to implement the dynamic authorization,while taking advantage of the state migration of authorization units,provides support for workflow patterns. Furthermore,the model divides permissions into service permissions and service attribute permissions, and achieves fine-grained resource protection. Application examples show that the model can commendably fit the complex organization structure in E-government system. Moreover,it can make authorization more efficient and flexible meanwhile protecting the Web service resources.