Against the problem of transmitting authorization request and response between the entities of XACML access con-trol model, this paper proposes a flexible, scalable communication model between PEP and PDP. According to the extension of SAML specification, XACML authorization request and response are packaged as SAML authorization request and response. Spring Web Service architecture is used to implement the PEP-WS modules and PDP-WS modules which are responsible for transmitting SAML authorization request and response. The model is designed to achieve the transparency of transmission of authorization request and response, will achieve the integration of PEP and PDP, and enhance the flexibility and scalability of XACML access control model deployment.% 针对XACML访问控制模型实体间授权请求与响应的传输问题,提出一种灵活、可扩展的策略执行点PEP与策略决策点PDP通信模型。根据OASIS对SAML规范进行的扩展,该模型中的SAML处理模块将XACML授权请求与响应封装成为SAML授权请求与响应,利用Spring Web Service架构实现模型中的PEP-WS模块和PDP-WS模块,对SAML授权请求与响应进行传输。该模型能够实现XACML授权请求与响应传输的透明性,将实现方式不同的PEP与PDP进行集成,增强了XACML访问控制模型部署的灵活性和可扩展性。
展开▼
