A Authentication and Access Authorization Mechanism on the PaaS Platform

摘要

Security of Platform as a Service for multi-tenant becomes a key factor for the sustainable development of the system. This paper analyzes the limitations and shortcomings of traditional identity authentication. Identity authentication is realized through the ticket authentication method. Considering the dynamic and timeliness of resources in cloud computing, this paper proposes a dynamic access control method based on Role-Based Access Control and usage control model from the perspective of business conversation, so as to realize the dynamic access control of tenants to resources in Platform as a Service. The paper elaborates on the security and usability of the key generation, distribution, update, and metadata access control processes. Practice shows that the cloud resource access control model can flexibly realize the control of cloud resources such as authority separation, resource attribute restriction and utilization control, so as to better meet the demand of cloud resource access control with multi-tenant sharing and dynamic characteristics in cloud environment.