Abstract:
Distributed system security is an important research field for multi-domain cooperation scenarios, which have developed extensively in recent years. In most practical cooperation processes, developers and administrators won't completely abandon their legacy entitlement management and access control systems, but instead expect to strike a balance between opening up authorization and the cost of rebuilding. Against this background, authorization interoperation has become a representative research approach. This paper surveys and dissects, from multiple perspectives, the progress and evolution of interoperation theory and technology. From the perspective of inter-domain cooperative architecture, interoperation can be divided into the loosely-coupled pattern and the federated pattern; from the perspective of security detection mechanism, into the mediator-based scenario and the mediator-free scenario; from the perspective of modeling approach, into arbitrary management advance modeling and request-driven real-time modeling; from the perspective of assistive technology, it involves trust-based, risk-based, and semantic-based assistance, among others; and from the perspective of policy integration level, it can be separated into authorization-management-oriented integration and resource-aggregation-oriented integration. For every typical scheme, the survey elaborates the basic theory and applicable scenarios, and analyzes technical features and limitations through comparison. Finally, it draws a conclusion covering some mainstream characteristics of this area, and summarizes and forecasts potential future research trends.