General Attribute Based RBAC Model for Web Services

作     者：ZHU Yiqun LI Jianhua ZHANG Quanhai ZHU Yiqun, LI Jianhua, ZHANG Quanhai Department of Electronic Engineering, Shanghai Jiao Tong University, Shanghai 200030, China

作者机构：Department of Electronic Engineering Shanghai Jiao Tong University Shanghai 200030 China 

出 版 物：《Wuhan University Journal of Natural Sciences》 (武汉大学学报（自然科学英文版）)

年 卷 期：2008年第13卷第1期

页      面：81-86页

学科分类：12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：Supported by the National Natural Science Foundation of China (60402019  60772098 and 60672068) 

主　　题：attribute rule user-role assignment role-based access control (RBAC) access policy 

摘      要：Growing numbers of users and many access policies that involve many different resource attributes in service-oriented environments cause various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes based on access policies for Web services, and proposes a general attribute based role-based access control（GARBAC） model. The model introduces the notions of single attribute expression, composite attribute expression, and composition permission, defines a set of elements and relations among its elements and makes a set of rules, assigns roles to user by inputing user＇s attributes values. The model is a general access control model, can support more granularity resource information and rich access control policies, also can be used to wider application for services. The paper also describes how to use the GARBAC model in Web services environments.