Abstract
Access control in current spatial data grids is mostly implemented by mapping user roles to spatial data classification levels, which cannot meet the requirements of an open grid environment for diverse subject attributes and fine-grained control over the data being accessed. To address this problem, an attribute-based secure access mechanism for spatial data is studied and proposed. First, attribute description models for target users, spatial data and the grid environment are proposed based on ABAC (attribute based access control). Then, on the basis of XACML (extensible access control markup language), a complete attribute-based spatial data access policy, framework and process are designed. Finally, application in the project shows that the mechanism effectively meets the access control requirements of the spatial data grid.
Source
《计算机工程与设计》
CSCD
Peking University Core Journal
2014, Issue 3, pp. 803-808 (6 pages)
Computer Engineering and Design
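Funding
National 973 Key Basic Research Development Program of China (2009CB723906)
National 863 High Technology Research and Development Program of China (2013AA12A301)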