电子政务中基于组织的Web服务访问控制模型

发布时间：2018-04-29 18:22

本文选题：访问控制 + 电子政务　；参考：《大连理工大学》2014年硕士论文

【摘要】：经过几十年的不断发展,我国电子政务已经初具规模,并且得益于国家的高度关注,目前正处于高速发展时期。但是,由于早期的无规划、无组织建设,导致了各部门、各单位建立的电子政务应用系统之间无法互通互联。而随着时代的进步,那些遗留下来的电子政务应用系统越来越不能满足公众的服务需求。因此,人们尝试运用Web服务技术将遗留系统进行整合或者重建,从而为公众提供更加便捷、高效、优质的政务服务。然而,在基于Web服务的电子政务系统中,Web服务本身的开放性以及访问的主体和客体具备的动态性,都给系统的安全性带来了很大的安全隐患。现有的访问控制技术难以保证基于Web服务的电子政务系统中访问授权的安全性和灵活性。为了解决基于Web服务的电子政务系统的访问控制和授权管理问题,分析了政府的组织结构、基于Web服务的电子政务系统自身的特点以及访问控制特性,然后在深入研究基于组织的四层访问控制模型(OB4LAC)的基础上,提出了基于组织的Web服务访问控制模型(WS-OBAC)。 WS-OBAC模型以组织为核心,从管理的视角研究访问控制与授权管理问题。通过引入岗位代理和授权单元,授权会随着环境上下文信息的变化而调整,实现了动态授权,同时利用授权单元的状态迁移,对工作流模式提供支持。并且模型将权限分为服务权限和服务属性权限两级,实现细粒度的资源保护。同时,本文还给出了WS-OBAC的管理模型(AWS-OBAC)对模型中涉及的岗位、角色、服务权限等元素之间的相互指派关系以及岗位和角色的层级关系进行管理,并给出了形式化描述。最后,探讨了WS-OBAC模型在基于Web服务的电子政务系统中的应用,对基于WS-OBAC模型的授权管理系统进行了分析和设计,并通过实际应用案例验证了模型的科学性和实用性。本文提出的WS-OBAC模型能够很好的契合电子政务系统中的复杂组织结构,在保护Web服务资源的同时,使得授权更加高效、灵活,从而为基于Web服务的电子政务系统建设的顺利进行保驾护航。
[Abstract]:After decades of continuous development, China's e-government has begun to take shape, and thanks to the country's high level of concern, is in a period of rapid development. However, due to the unplanned and unorganized construction in the early stage, the electronic government application systems established by various departments and units cannot be interconnected. Along with the progress of the times, those legacy e-government application systems can not meet the service needs of the public more and more. Therefore, people try to use Web services technology to integrate or rebuild legacy systems, so as to provide more convenient, efficient and high-quality government services for the public. However, in the E-government system based on Web services, the openness of web services and the dynamic nature of the subject and object of access bring a great security hazard to the security of the system. The existing access control technology is difficult to guarantee the security and flexibility of access authorization in the E-government system based on Web services. In order to solve the problems of access control and authorization management of E-government system based on Web service, the paper analyzes the organizational structure of government, the characteristics of E-government system based on Web service and the characteristics of access control. Then, based on the in-depth study of OB4LAC-based four-layer access control model, an organization-based Web services access control model is proposed. The WS-OBAC model focuses on organization and studies access control and authorization management from the perspective of management. By introducing post agent and authorization unit, authorization will be adjusted with the change of environment context information, and dynamic authorization can be realized. At the same time, the state migration of authorization unit is used to support workflow mode. The model divides the privilege into two levels: the service permission and the service attribute permission to realize the fine-grained resource protection. At the same time, the management model of WS-OBAC (AWS-OBAC) is given to manage the assignment relationship among the elements of the model, such as position, role, service authority, and the hierarchical relationship between posts and roles, and a formal description is given. Finally, this paper discusses the application of WS-OBAC model in E-government system based on Web service, analyzes and designs the authorization management system based on WS-OBAC model, and verifies the scientificity and practicability of the model through practical application cases. The WS-OBAC model proposed in this paper can fit well with the complex organization structure in the E-government system. It can protect the resources of Web services and make the authorization more efficient and flexible. Thus, it can guarantee the smooth construction of e-government system based on Web service.
【学位授予单位】：大连理工大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】