An Authorization Model without Central Authority for Service Collaboration

摘要

In the service-oriented computing, a single transaction initiated by a client might invoke many different services in other administrative domains. Existing models for authorizing the access assume that all services involved in collaboration are managed by the central authority, which is not always a realistic premise. In this paper, we propose a novel authorization model for dynamic service collaboration. With the authorization discovery process, the client can discover the needed authorization for service access available in other autonomous domains. With extensions to SoD relationship, the conflicts of client interests can be formalized and expressed as constraints. The authorization problems are formalized to choose the optimal access path for each task. At last, the example and experiments show the practicality and the effectiveness of our scheme.