【摘要】 如何解决对Web服务的访问控制已成为当前Web服务应用研究中的一个重要课题。首先介绍了XACML标准的产生动机,然后结合Xpath来说明如何定义标准的访问控制策略。应用XACML策略来定义通用的访问控制需求,并且提出了一种机制来发现和解决策略间的冲突,达到对Web服务进行细粒度的访问控制。最后以一个应用实例来具体描述怎样创建一个XACML访问控制策略以及如何对实体的访问进行控制。更多还原

【Abstract】 How to solve access control on Web services has become one of the important research tasks about the application of Web ser-vices.Firstly,the motivation of XACML’s emergency is introduced,and how to define normal access control policy combined with Xpath is explained.General access control using XACML policies is defined,and a mechanism is presented to detect and resolve the conflicts among the policies,which make a ’fine-grained’ access control on Web services.Finally,how to build access control policy using XACML and how to control entities’ access are described in detail.更多还原