高级检索

    域间授权互操作研究综述

    A Survey of Research on Inter-Domain Authorization Interoperation

    • 摘要: 分布式系统安全是多域协作场景下的重要研究领域,近年来得到大力发展.在大多数实际的多域协作过程中,无论开发者还是管理者都不想完全摈弃已有的权限管理和访问控制体系,希望在授权开放性和系统改造代价间保持平衡和兼顾.域间授权互操作正是在这一背景下逐渐成为该领域具有代表性的研究方法.着力对域间互操作理论和技术的整体进展与演化进行细致梳理与剖析,从多维视角下对其进行归类比较,例如:根据域间协作架构划分,可分为松耦合协作模式和联邦式协作模式;根据安全检测实施方式划分,可分为基于协调中心的检测模式和无协调中心模式;根据互操作建模方式划分,主要包括基于管理行为的预前建立模式和基于请求驱动的实时建立模式;根据建立互操作采用的辅助技术划分,主要涉及基于信任、基于风险和基于语义等;根据策略整合所处的层面划分,可分为面向授权管理的策略集成和面向资源聚合的策略集成.针对若干典型方案,阐述其基本原理、适用场景,对技术特点和局限性给出较为深入的对比分析,在大量现有研究工作的基础上综述授权互操作发展的基本特点,归结展望了今后可能的研究趋势.

       

      Abstract: Distributed system security is an important research field for the scene of multi-domain cooperation that has been developed abundantly in recent years. During most practical cooperating processes, both developers and administrators wont abandon the legacy systems of entitlement management and access control completely, but expect to hold the balance between authorization opening and rebuilding costs. Just in such background, authorization interoperation becomes a representative research method. From multidimensional perspectives, this paper focuses on carding and dissecting the progress and evolution of the theory and technology of interoperation. For example: from the perspective of inter-domain cooperative architecture, the interopertion can be divided into loosely-coupled pattern and federated pattern; from the perspective of security detection mechanism, it can be divided into mediator-based scenario and mediator-free scenario; from the perspective of modeling approach, it can be divided into arbitrary management advance modeling and request-driven real time modeling; from the perspective of assistive technology, it relates to trust-based, risk-based and semantic based assistance, etc; and from the perspective of policy integration level, it can be separated into authorization management oriented integration and resource aggregation oriented integration. For every typical scheme, the survey elaborates the basic theory and applicable scene, and analyzes technical features and limitation through comparison. Finally, a conclusion is drawn which includes some mainstream characteristics of this area, and then summarizes and forecasts future potential research trends.

       

    /

    返回文章
    返回