XACML-based Access Control Model for Web Services
基于XACML的Web服务访问控制模型*

In order to overcome the shortcomings of coarse-grained control in identity-based authorization,enhance the interoperability and adapt to the characteristics of Web services,one access control system model for Web services based on XACML associated with RBAC and SAML was presented.This system used a set of relevant attributes of the user,resources and environment rather than user's local identity to make access decision,which can provider more fine-grained access control and protect user's privacy.Further,by using XACML and SAML standards,this system can not only satisfy the interoperability in the distributed environment,but also fit the characteristics of Web services,such as dynamic characteristic,heterogeneity and so on.