基于策略集自动组合的网格访问控制模型研究
|
摘要
网格计算是当今信息技术领域的研究热点,网格环境下安全机制的构建异常复杂,分布式系统中已有的安全技术已不能完全解决网格安全的应用需求,因此建立适应网格环境下的安全机制非常重要。作者针对目前网格系统中的访问控制大多集中在实现机制上的研究,很少研究网格环境下访问控制的自动实现机制,并且在访问控制粒度、动态适应性和可扩展性等方面存在许多不足的研究现状,结合网格服务的组合关系,采用策略集自动组合及主要元素自动合并方法来改进基于属性的访问控制技术,建立一种更适合网格环境的访问控制模型,在安全可靠性、动态适应性、可扩展性等方面有更大的提高,为网格环境下的安全研究进行有益的探索。
该论文主要进行了以下研究:
①采用基于关系的五元组表达法及XML语言描述模型中的主要元素,并采用XACML语言描述访问控制策略集。论文提出了基于关系的五元组表达法,来定义模型元素及其间关系,并采用了XML规范语言描述模型元素,以适应论文中模型的组合、授权控制及元素撤销、更新管理。论文基于XACML语言对策略集定义及描述,以适应属性集表达方面支持。
②根据网格服务与策略集组合之间的依赖关系,提出了网格虚拟组织内策略集的自动组合方法。作者提出了沿着服务组合路径建立策略集的组合关系,体现了策略集的组合与服务组合强依赖关系。本论文通过策略集自动组合引擎实现自治域策略集的自动组合,并提出了策略集自动组合实现算法。该组合方法并不会破坏策略集访问授权的确定性和一致性。
③通过解析组合后的策略集主要元素,并通过自动合并计算,自动生成虚拟组织内的策略集。针对现有分布式系统的多策略组合方法并没有考虑主要元素的合并简化问题,本论文构建了模型元素描述文档的解析框架,提出了属性合并算法、权限集合并实现算法及相关约束。通过论文的主要元素合并方法及约束,生成了虚拟组织内的全局策略集,可提高授权及验证效率,且不会破坏原来的安全约束要求。
④建立了基于策略集自动组合的访问控制模型(PCACM)。作者针对目前的访问控制模型不具有与网格服务动态组合相匹配的能力,并在控制粒度、可扩展和动态适应性方面存在不足的问题,引用基于属性的访问控制技术,基于策略集自动组合及元素合并实现方法,提出了PCACM模型。文中通过对PCACM模型的理论分析和试验表明,该模型具有较强的安全性、控制粒度更细、验证效率高和更大的动态适应性和灵活性。
⑤通过实例介绍了PCACM模型在实际应用中的实现过程。本论文以重庆高速公路区域联网监控管理网格系统作为PCACM模型实现平台系统,经过实例分析,证明PCACM模型在实际应用中具有较强的实用性和可行性。
综上所述,针对目前网格环境访问控制研究存在访问控制粒度、动态适应性和可扩展性等不足,本论文提出的PCACM模型具有更好的安全性、动态适应性和可扩展性,并且授权验证效率高的特点,论文较为完整地提出了模型构建方法及实现框架,通过分析及实现证明,该模型可以较好地满足网格环境中的应用需求。
The research on grid computing is very prevalent in information technology field currently, the secure mechanism in grid is very complex, and the traditional secure technology in distributed system couldn’t solve these requirements of grid, of course, it’s very important to construct a new secure mechanism for grid environment. In this thesis, according to the status in grid access control, which many researches mainly concentrated on the implementation mechanism of access control, few researches are on automatic implementation mechanism for access control in grid, and these researches are also inadequate in fine-grained, dynamically suitable and extensible. So the author considered the services composition relations, adopted the methods to improve the attribute-based access control technology for grid ,which are policy set automatic composition and main elements automatic combination, and presented the access control model to improve these characters of secure reliability, dynamic adaptability and extensibility, which much more suitable for grid environment than others. So,these works in this thesis are meaningful exploring for security research in grid environment.
The main researches in this thesis are summarized as follows:
①According to the traditional grid policies only defined subjects, objects and permissions simply, and which were inadequate to support attribute set description for subjects, objects and circumstance, the author utilized XML to describe these main elements based on relation-based quintuple expression method in the model, and described the policy set based on XACML. After analyzed the relations among elements in grid access control, the quintuple expression method presented in this thesis could describe these relations of elements much exactly, and this description could be convenient for policy set composition, elements combination and updating management. So the description method in this thesis for policy set and main elements could be more suitable for the requirements of grid security than others.
②According to the current mutipolicy composition didn’t consider the dependency relations between grid services and policy set composition, the author put forward the policy set automatic composition for grid virtual organizations.The author constructed the policy set composition relations along with services composition path, which embodied the composition relations between the services and policy set were strongly dependent. In this thesis, the automatic composition was based on the automatic composition engine, and the automatic composition algorithm was also presented. After the analysis, the conclusions could be made that policy set composition didn’t break the determination and continuity for authorization for access in policy set.
③Aimed at production the new global policy set in virtual organization, the main elements in policy set must be parsed and combined, after combined, the new global policy set in virtual organization was born automatically. According to the current mutipolicy composition neither combine nor simplify elements in policy set, the author constructed the parsing framework for the description documents. In the thesis, the attribute set and permission combination algorithm has been presented, and the interrelated constraints were also discussed. According to the combination method and constraints, the global policy set in virtual organization was produced, the attribute set and permission set combination method raised verification efficiency, and couldn’t break these secure constraints before composition.
④Aimed at solve these question in current access control model, which they hadn’t the suited capability with the automatic composition of grid services, and they were inadequate in control grain, extensibility and dynamic adaptability, so the author take advantage of the access control based on attribute, and put forward the access control model based on policy set automatic composition (PCACM). In the PCACM, the author analyzed the model in theory and simulation,which stated clearly that the model was better in security, control grain, verification efficiency and dynamic adaptability than others.⑤In order to introduce the PCACM model how to work, the author implemented
the PCACM model in practical application, which is the chongqing expressway zone-network-supervision management grid system. These works expressed that the PCACM model had much stronger availability and feasibility, and it was more suitable for grid environment than previous models.
To sum up, aimed at solve these question in current access control model, which they hadn’t the suited capability with the automatic composition of grid services, and they were inadequate in control grain, extensibility and dynamic adaptability, the PCACM model was put forward in this thesis, which was better in security, control grain, extensibility and dynamic adaptability than previous models, and the verification efficiency of this model was high,. The author has presented the construction method for the PCACM model and implementation framework, from all these works, it is clear that the PCACM model was feasible, and it was more suitable for grid environment than previous models.
该论文主要进行了以下研究:
①采用基于关系的五元组表达法及XML语言描述模型中的主要元素,并采用XACML语言描述访问控制策略集。论文提出了基于关系的五元组表达法,来定义模型元素及其间关系,并采用了XML规范语言描述模型元素,以适应论文中模型的组合、授权控制及元素撤销、更新管理。论文基于XACML语言对策略集定义及描述,以适应属性集表达方面支持。
②根据网格服务与策略集组合之间的依赖关系,提出了网格虚拟组织内策略集的自动组合方法。作者提出了沿着服务组合路径建立策略集的组合关系,体现了策略集的组合与服务组合强依赖关系。本论文通过策略集自动组合引擎实现自治域策略集的自动组合,并提出了策略集自动组合实现算法。该组合方法并不会破坏策略集访问授权的确定性和一致性。
③通过解析组合后的策略集主要元素,并通过自动合并计算,自动生成虚拟组织内的策略集。针对现有分布式系统的多策略组合方法并没有考虑主要元素的合并简化问题,本论文构建了模型元素描述文档的解析框架,提出了属性合并算法、权限集合并实现算法及相关约束。通过论文的主要元素合并方法及约束,生成了虚拟组织内的全局策略集,可提高授权及验证效率,且不会破坏原来的安全约束要求。
④建立了基于策略集自动组合的访问控制模型(PCACM)。作者针对目前的访问控制模型不具有与网格服务动态组合相匹配的能力,并在控制粒度、可扩展和动态适应性方面存在不足的问题,引用基于属性的访问控制技术,基于策略集自动组合及元素合并实现方法,提出了PCACM模型。文中通过对PCACM模型的理论分析和试验表明,该模型具有较强的安全性、控制粒度更细、验证效率高和更大的动态适应性和灵活性。
⑤通过实例介绍了PCACM模型在实际应用中的实现过程。本论文以重庆高速公路区域联网监控管理网格系统作为PCACM模型实现平台系统,经过实例分析,证明PCACM模型在实际应用中具有较强的实用性和可行性。
综上所述,针对目前网格环境访问控制研究存在访问控制粒度、动态适应性和可扩展性等不足,本论文提出的PCACM模型具有更好的安全性、动态适应性和可扩展性,并且授权验证效率高的特点,论文较为完整地提出了模型构建方法及实现框架,通过分析及实现证明,该模型可以较好地满足网格环境中的应用需求。
The research on grid computing is very prevalent in information technology field currently, the secure mechanism in grid is very complex, and the traditional secure technology in distributed system couldn’t solve these requirements of grid, of course, it’s very important to construct a new secure mechanism for grid environment. In this thesis, according to the status in grid access control, which many researches mainly concentrated on the implementation mechanism of access control, few researches are on automatic implementation mechanism for access control in grid, and these researches are also inadequate in fine-grained, dynamically suitable and extensible. So the author considered the services composition relations, adopted the methods to improve the attribute-based access control technology for grid ,which are policy set automatic composition and main elements automatic combination, and presented the access control model to improve these characters of secure reliability, dynamic adaptability and extensibility, which much more suitable for grid environment than others. So,these works in this thesis are meaningful exploring for security research in grid environment.
The main researches in this thesis are summarized as follows:
①According to the traditional grid policies only defined subjects, objects and permissions simply, and which were inadequate to support attribute set description for subjects, objects and circumstance, the author utilized XML to describe these main elements based on relation-based quintuple expression method in the model, and described the policy set based on XACML. After analyzed the relations among elements in grid access control, the quintuple expression method presented in this thesis could describe these relations of elements much exactly, and this description could be convenient for policy set composition, elements combination and updating management. So the description method in this thesis for policy set and main elements could be more suitable for the requirements of grid security than others.
②According to the current mutipolicy composition didn’t consider the dependency relations between grid services and policy set composition, the author put forward the policy set automatic composition for grid virtual organizations.The author constructed the policy set composition relations along with services composition path, which embodied the composition relations between the services and policy set were strongly dependent. In this thesis, the automatic composition was based on the automatic composition engine, and the automatic composition algorithm was also presented. After the analysis, the conclusions could be made that policy set composition didn’t break the determination and continuity for authorization for access in policy set.
③Aimed at production the new global policy set in virtual organization, the main elements in policy set must be parsed and combined, after combined, the new global policy set in virtual organization was born automatically. According to the current mutipolicy composition neither combine nor simplify elements in policy set, the author constructed the parsing framework for the description documents. In the thesis, the attribute set and permission combination algorithm has been presented, and the interrelated constraints were also discussed. According to the combination method and constraints, the global policy set in virtual organization was produced, the attribute set and permission set combination method raised verification efficiency, and couldn’t break these secure constraints before composition.
④Aimed at solve these question in current access control model, which they hadn’t the suited capability with the automatic composition of grid services, and they were inadequate in control grain, extensibility and dynamic adaptability, so the author take advantage of the access control based on attribute, and put forward the access control model based on policy set automatic composition (PCACM). In the PCACM, the author analyzed the model in theory and simulation,which stated clearly that the model was better in security, control grain, verification efficiency and dynamic adaptability than others.⑤In order to introduce the PCACM model how to work, the author implemented
the PCACM model in practical application, which is the chongqing expressway zone-network-supervision management grid system. These works expressed that the PCACM model had much stronger availability and feasibility, and it was more suitable for grid environment than previous models.
To sum up, aimed at solve these question in current access control model, which they hadn’t the suited capability with the automatic composition of grid services, and they were inadequate in control grain, extensibility and dynamic adaptability, the PCACM model was put forward in this thesis, which was better in security, control grain, extensibility and dynamic adaptability than previous models, and the verification efficiency of this model was high,. The author has presented the construction method for the PCACM model and implementation framework, from all these works, it is clear that the PCACM model was feasible, and it was more suitable for grid environment than previous models.
引文
[1]都志辉,陈渝,刘鹏.网格计算[M].清华大学出版社,2002年.
[2]桂小林,网格技术导论[M].北京邮电大学出版社,2005年.
[3] Humphrey,M.,Thompson,M.R.,Jackson,K.R..Security for Grids[C].IEEE Computer. 2005, 93(3):644– 652.
[4] Enterprise Grid Security Requirements[A]. 2005. www.ogf.org/documents/ ega-grid_ security _ requirements- v1Approved.pdf
[5] Humphrey,M., Thompson,M.. Security implications of typicalgrid computing usage scenarios[C]. in Proc. 10th Int. Symp. High PerformanceDistributed Computing (HPDC), San Francisco, CA. 2001,7–9.
[6] Landwehr,C.. Computer Security[J].Int.J.Inf.Security,2001,(1):3-13.
[7] Dwoskin, J., Basu,S., Talwar, V.,at al. Scoping Security Issues for Interactive Grids[C].Signals,Systems and Computers, 2003. Conference Record of the Thirty-Seventh Asilomar Conference .IEEE Computer.2003, 1: 367-373.
[8] Nagaratnam, N., Janson,P., Foster, I.,at.al. The Security Architecture for Open Grid Services Version. 1[A]. 2002. http://www.globus.org/ogsa/Security/OGSA-SecArch-v1- 07192002.pdf.
[9] Foster,I., Kesselman,C., Tsudik,G.,at al. A Security Architecture for Computational Grids[C]. 5th ACM Conference on Computer and Communication Security. USA:San Francisco,. 1998,83-92.
[10] WebSphere Version 6. Web Services Handbook Development and Deployment[A]. http://www.ibm.com/redbooks/.
[11] Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)[A]. OASIS Standard Specification, 1 February 2006. http://docs.oasis-open.org/wss/v1.1/
[12] http://www.oasis-open.org/.
[13] http://www.ggf.org/.
[14] Foster, I., Kesselman, C.,Tuecke, S..The Anatomy of the Grid: Enabling Scalable Virtual Organizations[J]. International Journal of High Performance Computing Applications, 2001, 15 (3), 200-222.
[15]羌卫中,金海,石宣化等.基于分布式信任管理机制的网格授权研究[J].华中科技大学学报(自然科学版). 2005,33(12):115-117.
[16]钟勇,秦小麟,郑吉平.一种灵活的使用控制授权语言框架研究[J].计算机学报.2006,29(8):1408-1417.
[17] Chadwick,D.. Authorisation in Grid computing[R]. Information Security Technical Report 2005 ,10:33-40.
[18] Sandhu, R.. The OM-AM and the RBAC way[C]. Engineering Authority and Trust in Cyberspace, In Proceeding of RBAC 2000,Germany: Berlin, 2000.
[19] IBM, Microsoft and VeriSign. Web ServicesSecurity Language (WS-Security)[A]. 2002. http: //specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf/.
[20] Security Assertion Markup Language(SAML) 1.0 Specification[A]. OASIS, November 2002. http://www.oasisopen.org/committees/security/.
[21] IBM, Microsoft, RSA Security and VeriSign.Web Services Secure Conversation Language (WS-SecureConversation) Version 1.0[A]. http://specs.xmlsoap.org/ ws/2005/02/ sc/WS-SecureConversation.pdf/.
[22] Simple Object Access Protocol (SOAP) 1.1[A].2003. http: // www.w3.org/TR/SOAP/.
[23] IBM,Microsoft, RSA Security and Veri-Sign.Web Services Trust Language (WS-Trust)[A]. http: //specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf/.
[24] eXtensible Access Control Markup Language(XACML) 1.0 Specification[A].OASIS, February 2003. http://www.oasisopen.org/committees/xacml/.
[25] Graham, S., Simeonov, S., Boubez, T.,at al. Building Web Services withJava: Making Sense of XML, SOAP, WSDL,and UDDI[A]. Sams, 2004.
[26] http://www.globus.org/
[27] Butler, R., Engert, D., Foster, I.,at al. National-Scale Authentication Infrastructure[J].IEEE Computer, 2000.33(12). 60-66.
[28] Foster, I., Kesselman, C., Tsudik, G. ,at al. A Security Architecture for Computational Grids[C]. ACM Conference onComputers and Security, 1998,83-91.
[29] CCITT Recommendation X.509: The Directory– Authentication Framework[A]. 1988.
[30] Dierks, T. and Allen, C. The TLS Protocol Version 1.0[A]. IETF. 1999. http://www.ietf.org/ rfc/rfc2246.txt/.
[31] Tuecke, S., Engert, D., Foster, I., at al. Internet X.509 Public Key Infrastructure Proxy Certificate Profile[A]. IETF. Draft draft-ietf- pkix-proxy-01.txt, 2001.
[32] Pearlman, L., Welch, V., Foster, I.,Kesselman, C. at al. A Community Authorization Service for Group Collaboration[C]. IEEE 3rd International Workshop on Policies for DistributedSystems and Networks,USA :Monterey, 2002,50-59.
[33] Welch1,V., Siebenlist,F., Foster,I.,at.al. Security for Grid Services[C]. High Performance Distributed Computing, 2003. Proceedings. 12th IEEE International Symposium on.2003,48-57.
[34] The Globus Security Team.Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective[A]. http://www.globus.org/toolkit/docs/4.0/security/GT4-GSI- Overview. pdf/.
[35] VOMS Architecture v1.1[A]. http://gridauth.infn.it/docs/VOMS-v1_1.pdf/.
[36] Data Grid Project[A]. http://www.eu-datagrid.org/.
[37] Thompson,M., Essiari,A., Mudumbai,S..Certificate-based authorization policy in a PKI environment[J].ACM Transactions on Information and System Security, 2003,6(4):566-588.
[38] Chadwick,D. W., Otenko,A.. The PERMIS X.509 Role Based Privilege Management Infrastructure[C]. 7th ACM Symposium on Access Control Models and Technologies, USA:Monterey, 2002.
[39] Stell,A..J., Sinnott Dr,R..O., Watt Dr,J.P.. Comparison of Advanced Authorisation Infrastructures for Grid Computing[C]. Proceedings of the 19th International Symposium on High Performance Computing Systems and Applications (HPCS’05).2005,195-201.
[40] http://www.condor-g.org/.
[41] Frey,J., Tannenbaum,T., Foster,I.,at al.Condor-G: A Computation Management Agent for Multi-Institutional Grids[C]. Proceedings of the Tenth International Symposium on High Performance Distributed Computing (HPDC-10), IEEE Press, August 2001.
[42] http://www.legion.org/.
[43] Wm,A. Wulf.Chenxi Wang,Kienzle D..A New Model of Security for Distributed Systems[A].1995. http://legion.virginia.edu/papers/CS-95-34.pdf/.
[44]徐志伟,李晓林,游赣梅.织女星信息网格的体系结构研究[J].计算机研究与发展, 2002, 39 (8) : 948~951.
[45]张纲,李晓林,游赣梅,徐志伟.基于角色的信息网格访问控制的研究[J].计算机研究与发展. 2002,39(8):952-956.
[46] Foster, I., Kesselman, C., Tsudik, G. and Tuecke, S.The physiology of the grid:an open grid services architecture for distributed systems integration[A]. 2002。http://www.globus.org/ reaearch/papers/ogsa.pdf/.
[47] Gladney H. M., Meyers J. J., Worley E. L.. Access control mechanism for computing resources[J]. IBM Systems Journal ,1975 , 14 (3) : 212~228.
[48] Anderson J . P.. Computer security technology planning study[R].Air Force Electronic Systems Division , Hanscom AFB , Bedford , MA : Technical Report ESDTR 273251 , 1972.
[49] Department of Defense()DOD). Trusted Computer System Evaluation Criteris(TCSEC) (DoD5200.28-STD1985)[A]. Fort Meade, MD: Department of Defense, 1985.
[50] Sandhu, R.S., Coyne,E.J., Feinstein, H.L., at,al. Role-Based access control models[J]. IEEE Computer,1996,29(2):38~47.
[51] Moyer, M.J.. Ahamed,M.. Generalized role-based access control[C]. In: Proc.the 21st Int’1 Conf. Distributed Computing Systems. Phoenix: IEEE Press,2001, 391~398.
[52] Ferraiolo,D., Kuhn,R.. Role-based access controls[C]. In : Proceedings of the 15th NIST2NCSC National Computer Security Conference , Baltimore , MD , 1992 , 554~563.
[53] Ferraiolo D. F., Sandhu R., Guirila S.,at al. Chandramouli R. Proposed NIST standard for role-based access control [J]. ACM Transactions on Information and System Security , 2001 , 4(3) : 224~274.
[54] Sandhu,R., Qanner Munawer,B.. The ARBAC97 model for role-based administration of roles [J]. ACM Trans on Information and Systems Security(TISSEC), 1999,2(1):105-135.
[55] Sandhu,R., Qanner Munawer,B. The ARBAC99model for administration of roles [C].The 15th Annual Computer Security Applications Conference (ACSAC’99). USA :Scottsdale, Arizona,1999.
[56] Crampton, J., Loizon,G,. Administrative scope: A foundation for role-based administrative models[J]. ACM Trans on Information and System Security,2003,6(2):201-231.
[57] Sejong,O., Sandhu, R..A model for role administration using organization structure [C]. The 7th ACM Symp on Access Control Models and Technologies (SACMAT 2002). USA: California,2002.
[58]黄益民,平玲娣,潘雪增.一种基于角色的访问控制扩展模型及其实现[J].计算机研究与发展.2003,40 (10):1521-1527.
[59]龙勤,刘鹏,潘爱民.基于角色的扩展可管理访问控制模型研究与实现[J].计算机研究与发展.2005.42(5):868-876.
[60]叶春晓,吴中福,符云清,等.基于属性的扩展委托模型[J].计算机研究与发展.2006, 43(6): 1050~1057.
[61] Senzhang, G., parashar,M.. Dynamic Context-aware Access Control for Grid Applications. Grid Computing[C]. Proceedings. Fourth International Workshop, 2003,17:101– 108.
[62] Moyer, M.J., Ahamed,M.. Generalized role-based access control[C]. In: Proc.the 21st Int’1Conf. Distributed Computing Systems. Phoenix,IEEE Press, 2001.391-398.
[63] Wang, L.,Wijesekera, D., Jajodia, S.. A logic-based framework for attribute based access control[C]. In Proceedings of the 2004 ACM workshop on Formal methods in security engineering, 2004.
[64] Zhang Xinwen Li Yingjiu. ABAM: An Attribute-Based Access Matrix Model[C]. In: Proceedings of the 2005 ACM symposium on Applied computing, ACM Press, New York,2005,359– 363.
[65] Eric Y., Jin T.. Attributed Based Access Control (ABAC) for Web Services[C]. In: Proceedings of the IEEE International Conference on Web Services (ICWS’05). Washington. IEEE Computer Society Press.2005,561-569.
[66]张煜,张文燚,李先贤.多自治域协同环境下群组通信的安全访问控制[J].计算机研究与发展. 2005, 42(9): 1558~1563.
[67]陈颖,杨寿保,郭磊涛.网格环境下的一种动态跨域访问控制策略[J].计算机研究与发展. 2006, 43(1): 1863~1869.
[68]孙为群,单保华,张程,等.一种基于角色代理的服务网格虚拟组织访问控制模型[J].计算机学报. 2006:29(7):1199~1208.
[69] Li,N., Mitchell,J.C .RT:a role-based trust—management framework[C].∥Seamonst K E,ed.Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX’03).Washington:IEEE Press, 2003,214-226.
[70] Bo L., Foster, I., Siebenlist, F.,et al. Attribute Based Access Control for Grid Computing[C]. Grid Computing, 2003. Proceedings. Fourth International Workshop, 2003, 17: 101-108.
[71] Mohammad A., Kahtani, A., Sandhu, R..A Model for Attribute-Based User-Role Assignment[C].Annual Computer Security Applications Conference, 2002.
[72] Godik, S., Moses, eds,T..OASIS eXtensible Access Control Markup Language XACML)Version 1.1[A]. Committee Specification, 7 August 2003,. http://www.oasis- open.org/ committees/xacml/ repository/ cs-xacml-specification-1.1.pdf/.
[73] Godik, S., Moses, eds,T.. OASIS eXtensible Access Control Markup Language (XACML)Version 1.0[A]. OASIS Standard, 18 February 2003. http://www.oasis- open.org/committees/download.php/2406/oasis-xacml-1.0.pdf.
[74] Godik, S., Moses, eds,T..OASIS eXtensible Access Control Markup Language XACML)Version 2.0[A]. Committee Draft 01, 16 September 2004. http://docs.oasis- open.org/xacml/access_control-xacml-2.0-core-spec-cd-01.pdf/.
[75] Godik, S., Moses, eds,T..OASIS eXtensible Access Control Markup Language (XACML)Version 2.0[A]. OASIS Standard, OASIS Standard, 1 Feb 2005.http://docs. oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf/.
[76] Godik, S., Moses, eds,T..OASIS Hierarchical resource profile of XACMLv2.0[A]. OASIS Standard, OASIS Standard, 1 Feb 2005. http://docs.oasis-open.org/xacml/ 2.0/access_control- xacml-2.0-hier-profile-spec-os.pdf/.
[77] Bray, T., Paoli, J., Sperberg,M.,C., at al. Extensible Markup Language (XML) version 1.0[C]. 3rd edition, 2004. http://www.w3.org/ TR/REC-xml/ W3 Consortium Recommendation/.
[78]李斓,何永忠,冯登国,等.面向XML文档的细粒度强制访问控制模型[J].软件学报. 2004 ,10:106-115.
[79] Hao He, Wong, R.K.. A role-based access control model for XML repositories[C]. Proceedings of the First International Conference on Web Information Systems Engineering, USA:Jun. 2000:138– 145.
[80] Jingzhu Wang, Sylvia L. Osborn. A role-based approach to access control for XML databases[C]. Proceedings of the ninth ACM symposium on Access control models and technologies, USA: New York. 2004:70-77.
[81] Zhang Xinwen,Park J.,Sandu R.. Schema Based XML Security:RBAC Approach[C].In:17th IFIP WG11.3 Working Conference on Data and Application Security. USA: Estes Park,Colorado ,2003.
[82]叶春晓.基于角色访问控制(RBAC)中属性约束委托模型研究[D].博士论文.重庆大学.2005.10.
[83] Bonati P., De Capttani Di Vimercati, S.at,al. A modular approach to composing access control policies[C]. In Proceedings of the Seventh ACM Conference on Computer and Communication Security (CCS 2000) , Greece :Athens, 2000, 164–173.
[84] Bonati P., De Capttani Di Vimercati, S.at,al. An algebra for composing access control policies[J]. ACM Transactions on Information andSystem Security, 2002, 5(1):1~35.
[85] Wijesekera,D., Jajodia,S.. A propositional policy algebra for access control[J]. ACM Transactions on Information and Systems Security (TISSEC), 2003,6(2):286–325.
[86] Damianou, N.C., Tonouchi, T., Dulay, N.,at al. Tools for Domain-Based Policy Management of Distributed Systems[C]. Proc. IEEE/IFIP Network Operations and Management Symp., Apr, 2002.
[87] Damianou, N.C.. A Policy Framework for Management of Distributed Systems[D]. PhD thesis, Imperial College of Science,Technology and Medicine, Univ. of London, U.K., 2002.
[88] Jajodia, S.,P. Samarati, V. S. Bertino,E.. A unified framework for enforcing multiple access control policies[J]. ACM transaction on Database Systems, 2001, 26(2):214-260.
[89] Omkar,J., TilakRajeev,R., RajeXukai,Zou. Composing Access Control Policies of Distributed Components[C]. Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing. IEEE Computer Society, USA: Washington, DC, .2006,301– 307.
[90] Siewe Antonio F., Hussein Zedan C.. A compositional framework for access control policies enforcement[C]. Proc. Formal methods in security engineering. Washington, D.C. 2003,32-42.
[91] Bruns,G., Daniel S., Michael Huth,D.. A simple and expressive semantic framework for policy composition in access control[C]. Proceedings of the 2007 ACM workshop on Formal methods in security engineering . USA:Virginia.2007, 12– 21.
[92] Bertino,E.,Catania,B.,Ferrari,E.,at,al. A System to Specify and Manage Multipolicy Access Control Models. Policy[J]. Third IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'02),2002,01-16.
[93] David F., Ferraiolo,Gavrila,S., at al.Composing and Combining Policies under the Policy Machine[C]. Proceedings of the tenth ACM symposium on Access control models and technologies table of contents Sweden :Stockholm, 2005:11 - 20 .
[94] Moszkowski,B. Executing Temporal Logic Programs[M].Cambridge University Press, England, 1986.
[95] Hai Jin, Weizhong Qiang, Xuanhua Shi ,at al.RB-GACA: A RBAC based grid access control architecture[J].International Journal of Grid and Utility Computing,2005,1(1):61-70..
[96] Wei Zhou, Meinel, C., Vinesh H.. A Framework for Supporting Distributed Access Control Policies[C]. Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005).2005, 442– 447.
[97] Frank V., Harmelen. The Semantic Web: What, Why, How and When[J]. IEEE Computer Society, 2004,5(3):1-4.
[98] Gomez Perez A., Corcho,O.. Ontology Languages for the Semantic Web[J]. IEEE Intelligent Systems, 2002:54-60.
[99] Brewster,C., Kieron,Hara,O.. Knowledge Representation with Ontologies: The Present and Future[J]. Intelligent Systems, IEEE Computer Society.2004,72-81.
[100] Stevens, Carole, R.. What is an ontology ?[A]. http://www.cs.man.a c.uk/~stevensr/onto/node3.html/.
[101] http://bbs.w3china.org/.
[102] Agarwal, M., Parashar,M.. Enabling autonomic compositions in grid environments[C]. Grid Computing.Proceedings Fourth International Workshop on. 2003,17: 34– 41.
[103]孙宇清.协同环境中访问控制模型与技术研究[D].博士论文.山东.山东大学.2006,25~27.
[104]许峰,赖海光,黄皓.等.面向服务的角色访问控制技术研究[J].计算机学报. 2005:28(4):686~693.
[105] Su Cheng, Haw,G. S. V.. A Comparative Study and Benchmarking on XML Parsers[J]. Gangwon-Do .2007, 1: 321-325.
[106] Slominski, A.. Design of a Pull and Push Parser System for Streaming XML[A],2001. http://www.extreme.indiana.edu/xgws/papers/xml_push_pull/.
[107] Zisman, A.. An Overview of XML, Computing & Control Engineering Journal[J]. 2000, (8):165-167.
[108] Karre, S. and Elbaum, S.. An Empirical Assessment of XML Parsers[J]. 6th Workshop on Web Engineering, 2002,39-46.
[109] Michael, C..XML Parser Comparison[A],2000. http://www.webreference.com/ xml/column22/2.html/.
[2]桂小林,网格技术导论[M].北京邮电大学出版社,2005年.
[3] Humphrey,M.,Thompson,M.R.,Jackson,K.R..Security for Grids[C].IEEE Computer. 2005, 93(3):644– 652.
[4] Enterprise Grid Security Requirements[A]. 2005. www.ogf.org/documents/ ega-grid_ security _ requirements- v1Approved.pdf
[5] Humphrey,M., Thompson,M.. Security implications of typicalgrid computing usage scenarios[C]. in Proc. 10th Int. Symp. High PerformanceDistributed Computing (HPDC), San Francisco, CA. 2001,7–9.
[6] Landwehr,C.. Computer Security[J].Int.J.Inf.Security,2001,(1):3-13.
[7] Dwoskin, J., Basu,S., Talwar, V.,at al. Scoping Security Issues for Interactive Grids[C].Signals,Systems and Computers, 2003. Conference Record of the Thirty-Seventh Asilomar Conference .IEEE Computer.2003, 1: 367-373.
[8] Nagaratnam, N., Janson,P., Foster, I.,at.al. The Security Architecture for Open Grid Services Version. 1[A]. 2002. http://www.globus.org/ogsa/Security/OGSA-SecArch-v1- 07192002.pdf.
[9] Foster,I., Kesselman,C., Tsudik,G.,at al. A Security Architecture for Computational Grids[C]. 5th ACM Conference on Computer and Communication Security. USA:San Francisco,. 1998,83-92.
[10] WebSphere Version 6. Web Services Handbook Development and Deployment[A]. http://www.ibm.com/redbooks/.
[11] Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)[A]. OASIS Standard Specification, 1 February 2006. http://docs.oasis-open.org/wss/v1.1/
[12] http://www.oasis-open.org/.
[13] http://www.ggf.org/.
[14] Foster, I., Kesselman, C.,Tuecke, S..The Anatomy of the Grid: Enabling Scalable Virtual Organizations[J]. International Journal of High Performance Computing Applications, 2001, 15 (3), 200-222.
[15]羌卫中,金海,石宣化等.基于分布式信任管理机制的网格授权研究[J].华中科技大学学报(自然科学版). 2005,33(12):115-117.
[16]钟勇,秦小麟,郑吉平.一种灵活的使用控制授权语言框架研究[J].计算机学报.2006,29(8):1408-1417.
[17] Chadwick,D.. Authorisation in Grid computing[R]. Information Security Technical Report 2005 ,10:33-40.
[18] Sandhu, R.. The OM-AM and the RBAC way[C]. Engineering Authority and Trust in Cyberspace, In Proceeding of RBAC 2000,Germany: Berlin, 2000.
[19] IBM, Microsoft and VeriSign. Web ServicesSecurity Language (WS-Security)[A]. 2002. http: //specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf/.
[20] Security Assertion Markup Language(SAML) 1.0 Specification[A]. OASIS, November 2002. http://www.oasisopen.org/committees/security/.
[21] IBM, Microsoft, RSA Security and VeriSign.Web Services Secure Conversation Language (WS-SecureConversation) Version 1.0[A]. http://specs.xmlsoap.org/ ws/2005/02/ sc/WS-SecureConversation.pdf/.
[22] Simple Object Access Protocol (SOAP) 1.1[A].2003. http: // www.w3.org/TR/SOAP/.
[23] IBM,Microsoft, RSA Security and Veri-Sign.Web Services Trust Language (WS-Trust)[A]. http: //specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf/.
[24] eXtensible Access Control Markup Language(XACML) 1.0 Specification[A].OASIS, February 2003. http://www.oasisopen.org/committees/xacml/.
[25] Graham, S., Simeonov, S., Boubez, T.,at al. Building Web Services withJava: Making Sense of XML, SOAP, WSDL,and UDDI[A]. Sams, 2004.
[26] http://www.globus.org/
[27] Butler, R., Engert, D., Foster, I.,at al. National-Scale Authentication Infrastructure[J].IEEE Computer, 2000.33(12). 60-66.
[28] Foster, I., Kesselman, C., Tsudik, G. ,at al. A Security Architecture for Computational Grids[C]. ACM Conference onComputers and Security, 1998,83-91.
[29] CCITT Recommendation X.509: The Directory– Authentication Framework[A]. 1988.
[30] Dierks, T. and Allen, C. The TLS Protocol Version 1.0[A]. IETF. 1999. http://www.ietf.org/ rfc/rfc2246.txt/.
[31] Tuecke, S., Engert, D., Foster, I., at al. Internet X.509 Public Key Infrastructure Proxy Certificate Profile[A]. IETF. Draft draft-ietf- pkix-proxy-01.txt, 2001.
[32] Pearlman, L., Welch, V., Foster, I.,Kesselman, C. at al. A Community Authorization Service for Group Collaboration[C]. IEEE 3rd International Workshop on Policies for DistributedSystems and Networks,USA :Monterey, 2002,50-59.
[33] Welch1,V., Siebenlist,F., Foster,I.,at.al. Security for Grid Services[C]. High Performance Distributed Computing, 2003. Proceedings. 12th IEEE International Symposium on.2003,48-57.
[34] The Globus Security Team.Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective[A]. http://www.globus.org/toolkit/docs/4.0/security/GT4-GSI- Overview. pdf/.
[35] VOMS Architecture v1.1[A]. http://gridauth.infn.it/docs/VOMS-v1_1.pdf/.
[36] Data Grid Project[A]. http://www.eu-datagrid.org/.
[37] Thompson,M., Essiari,A., Mudumbai,S..Certificate-based authorization policy in a PKI environment[J].ACM Transactions on Information and System Security, 2003,6(4):566-588.
[38] Chadwick,D. W., Otenko,A.. The PERMIS X.509 Role Based Privilege Management Infrastructure[C]. 7th ACM Symposium on Access Control Models and Technologies, USA:Monterey, 2002.
[39] Stell,A..J., Sinnott Dr,R..O., Watt Dr,J.P.. Comparison of Advanced Authorisation Infrastructures for Grid Computing[C]. Proceedings of the 19th International Symposium on High Performance Computing Systems and Applications (HPCS’05).2005,195-201.
[40] http://www.condor-g.org/.
[41] Frey,J., Tannenbaum,T., Foster,I.,at al.Condor-G: A Computation Management Agent for Multi-Institutional Grids[C]. Proceedings of the Tenth International Symposium on High Performance Distributed Computing (HPDC-10), IEEE Press, August 2001.
[42] http://www.legion.org/.
[43] Wm,A. Wulf.Chenxi Wang,Kienzle D..A New Model of Security for Distributed Systems[A].1995. http://legion.virginia.edu/papers/CS-95-34.pdf/.
[44]徐志伟,李晓林,游赣梅.织女星信息网格的体系结构研究[J].计算机研究与发展, 2002, 39 (8) : 948~951.
[45]张纲,李晓林,游赣梅,徐志伟.基于角色的信息网格访问控制的研究[J].计算机研究与发展. 2002,39(8):952-956.
[46] Foster, I., Kesselman, C., Tsudik, G. and Tuecke, S.The physiology of the grid:an open grid services architecture for distributed systems integration[A]. 2002。http://www.globus.org/ reaearch/papers/ogsa.pdf/.
[47] Gladney H. M., Meyers J. J., Worley E. L.. Access control mechanism for computing resources[J]. IBM Systems Journal ,1975 , 14 (3) : 212~228.
[48] Anderson J . P.. Computer security technology planning study[R].Air Force Electronic Systems Division , Hanscom AFB , Bedford , MA : Technical Report ESDTR 273251 , 1972.
[49] Department of Defense()DOD). Trusted Computer System Evaluation Criteris(TCSEC) (DoD5200.28-STD1985)[A]. Fort Meade, MD: Department of Defense, 1985.
[50] Sandhu, R.S., Coyne,E.J., Feinstein, H.L., at,al. Role-Based access control models[J]. IEEE Computer,1996,29(2):38~47.
[51] Moyer, M.J.. Ahamed,M.. Generalized role-based access control[C]. In: Proc.the 21st Int’1 Conf. Distributed Computing Systems. Phoenix: IEEE Press,2001, 391~398.
[52] Ferraiolo,D., Kuhn,R.. Role-based access controls[C]. In : Proceedings of the 15th NIST2NCSC National Computer Security Conference , Baltimore , MD , 1992 , 554~563.
[53] Ferraiolo D. F., Sandhu R., Guirila S.,at al. Chandramouli R. Proposed NIST standard for role-based access control [J]. ACM Transactions on Information and System Security , 2001 , 4(3) : 224~274.
[54] Sandhu,R., Qanner Munawer,B.. The ARBAC97 model for role-based administration of roles [J]. ACM Trans on Information and Systems Security(TISSEC), 1999,2(1):105-135.
[55] Sandhu,R., Qanner Munawer,B. The ARBAC99model for administration of roles [C].The 15th Annual Computer Security Applications Conference (ACSAC’99). USA :Scottsdale, Arizona,1999.
[56] Crampton, J., Loizon,G,. Administrative scope: A foundation for role-based administrative models[J]. ACM Trans on Information and System Security,2003,6(2):201-231.
[57] Sejong,O., Sandhu, R..A model for role administration using organization structure [C]. The 7th ACM Symp on Access Control Models and Technologies (SACMAT 2002). USA: California,2002.
[58]黄益民,平玲娣,潘雪增.一种基于角色的访问控制扩展模型及其实现[J].计算机研究与发展.2003,40 (10):1521-1527.
[59]龙勤,刘鹏,潘爱民.基于角色的扩展可管理访问控制模型研究与实现[J].计算机研究与发展.2005.42(5):868-876.
[60]叶春晓,吴中福,符云清,等.基于属性的扩展委托模型[J].计算机研究与发展.2006, 43(6): 1050~1057.
[61] Senzhang, G., parashar,M.. Dynamic Context-aware Access Control for Grid Applications. Grid Computing[C]. Proceedings. Fourth International Workshop, 2003,17:101– 108.
[62] Moyer, M.J., Ahamed,M.. Generalized role-based access control[C]. In: Proc.the 21st Int’1Conf. Distributed Computing Systems. Phoenix,IEEE Press, 2001.391-398.
[63] Wang, L.,Wijesekera, D., Jajodia, S.. A logic-based framework for attribute based access control[C]. In Proceedings of the 2004 ACM workshop on Formal methods in security engineering, 2004.
[64] Zhang Xinwen Li Yingjiu. ABAM: An Attribute-Based Access Matrix Model[C]. In: Proceedings of the 2005 ACM symposium on Applied computing, ACM Press, New York,2005,359– 363.
[65] Eric Y., Jin T.. Attributed Based Access Control (ABAC) for Web Services[C]. In: Proceedings of the IEEE International Conference on Web Services (ICWS’05). Washington. IEEE Computer Society Press.2005,561-569.
[66]张煜,张文燚,李先贤.多自治域协同环境下群组通信的安全访问控制[J].计算机研究与发展. 2005, 42(9): 1558~1563.
[67]陈颖,杨寿保,郭磊涛.网格环境下的一种动态跨域访问控制策略[J].计算机研究与发展. 2006, 43(1): 1863~1869.
[68]孙为群,单保华,张程,等.一种基于角色代理的服务网格虚拟组织访问控制模型[J].计算机学报. 2006:29(7):1199~1208.
[69] Li,N., Mitchell,J.C .RT:a role-based trust—management framework[C].∥Seamonst K E,ed.Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX’03).Washington:IEEE Press, 2003,214-226.
[70] Bo L., Foster, I., Siebenlist, F.,et al. Attribute Based Access Control for Grid Computing[C]. Grid Computing, 2003. Proceedings. Fourth International Workshop, 2003, 17: 101-108.
[71] Mohammad A., Kahtani, A., Sandhu, R..A Model for Attribute-Based User-Role Assignment[C].Annual Computer Security Applications Conference, 2002.
[72] Godik, S., Moses, eds,T..OASIS eXtensible Access Control Markup Language XACML)Version 1.1[A]. Committee Specification, 7 August 2003,. http://www.oasis- open.org/ committees/xacml/ repository/ cs-xacml-specification-1.1.pdf/.
[73] Godik, S., Moses, eds,T.. OASIS eXtensible Access Control Markup Language (XACML)Version 1.0[A]. OASIS Standard, 18 February 2003. http://www.oasis- open.org/committees/download.php/2406/oasis-xacml-1.0.pdf.
[74] Godik, S., Moses, eds,T..OASIS eXtensible Access Control Markup Language XACML)Version 2.0[A]. Committee Draft 01, 16 September 2004. http://docs.oasis- open.org/xacml/access_control-xacml-2.0-core-spec-cd-01.pdf/.
[75] Godik, S., Moses, eds,T..OASIS eXtensible Access Control Markup Language (XACML)Version 2.0[A]. OASIS Standard, OASIS Standard, 1 Feb 2005.http://docs. oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf/.
[76] Godik, S., Moses, eds,T..OASIS Hierarchical resource profile of XACMLv2.0[A]. OASIS Standard, OASIS Standard, 1 Feb 2005. http://docs.oasis-open.org/xacml/ 2.0/access_control- xacml-2.0-hier-profile-spec-os.pdf/.
[77] Bray, T., Paoli, J., Sperberg,M.,C., at al. Extensible Markup Language (XML) version 1.0[C]. 3rd edition, 2004. http://www.w3.org/ TR/REC-xml/ W3 Consortium Recommendation/.
[78]李斓,何永忠,冯登国,等.面向XML文档的细粒度强制访问控制模型[J].软件学报. 2004 ,10:106-115.
[79] Hao He, Wong, R.K.. A role-based access control model for XML repositories[C]. Proceedings of the First International Conference on Web Information Systems Engineering, USA:Jun. 2000:138– 145.
[80] Jingzhu Wang, Sylvia L. Osborn. A role-based approach to access control for XML databases[C]. Proceedings of the ninth ACM symposium on Access control models and technologies, USA: New York. 2004:70-77.
[81] Zhang Xinwen,Park J.,Sandu R.. Schema Based XML Security:RBAC Approach[C].In:17th IFIP WG11.3 Working Conference on Data and Application Security. USA: Estes Park,Colorado ,2003.
[82]叶春晓.基于角色访问控制(RBAC)中属性约束委托模型研究[D].博士论文.重庆大学.2005.10.
[83] Bonati P., De Capttani Di Vimercati, S.at,al. A modular approach to composing access control policies[C]. In Proceedings of the Seventh ACM Conference on Computer and Communication Security (CCS 2000) , Greece :Athens, 2000, 164–173.
[84] Bonati P., De Capttani Di Vimercati, S.at,al. An algebra for composing access control policies[J]. ACM Transactions on Information andSystem Security, 2002, 5(1):1~35.
[85] Wijesekera,D., Jajodia,S.. A propositional policy algebra for access control[J]. ACM Transactions on Information and Systems Security (TISSEC), 2003,6(2):286–325.
[86] Damianou, N.C., Tonouchi, T., Dulay, N.,at al. Tools for Domain-Based Policy Management of Distributed Systems[C]. Proc. IEEE/IFIP Network Operations and Management Symp., Apr, 2002.
[87] Damianou, N.C.. A Policy Framework for Management of Distributed Systems[D]. PhD thesis, Imperial College of Science,Technology and Medicine, Univ. of London, U.K., 2002.
[88] Jajodia, S.,P. Samarati, V. S. Bertino,E.. A unified framework for enforcing multiple access control policies[J]. ACM transaction on Database Systems, 2001, 26(2):214-260.
[89] Omkar,J., TilakRajeev,R., RajeXukai,Zou. Composing Access Control Policies of Distributed Components[C]. Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing. IEEE Computer Society, USA: Washington, DC, .2006,301– 307.
[90] Siewe Antonio F., Hussein Zedan C.. A compositional framework for access control policies enforcement[C]. Proc. Formal methods in security engineering. Washington, D.C. 2003,32-42.
[91] Bruns,G., Daniel S., Michael Huth,D.. A simple and expressive semantic framework for policy composition in access control[C]. Proceedings of the 2007 ACM workshop on Formal methods in security engineering . USA:Virginia.2007, 12– 21.
[92] Bertino,E.,Catania,B.,Ferrari,E.,at,al. A System to Specify and Manage Multipolicy Access Control Models. Policy[J]. Third IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'02),2002,01-16.
[93] David F., Ferraiolo,Gavrila,S., at al.Composing and Combining Policies under the Policy Machine[C]. Proceedings of the tenth ACM symposium on Access control models and technologies table of contents Sweden :Stockholm, 2005:11 - 20 .
[94] Moszkowski,B. Executing Temporal Logic Programs[M].Cambridge University Press, England, 1986.
[95] Hai Jin, Weizhong Qiang, Xuanhua Shi ,at al.RB-GACA: A RBAC based grid access control architecture[J].International Journal of Grid and Utility Computing,2005,1(1):61-70..
[96] Wei Zhou, Meinel, C., Vinesh H.. A Framework for Supporting Distributed Access Control Policies[C]. Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005).2005, 442– 447.
[97] Frank V., Harmelen. The Semantic Web: What, Why, How and When[J]. IEEE Computer Society, 2004,5(3):1-4.
[98] Gomez Perez A., Corcho,O.. Ontology Languages for the Semantic Web[J]. IEEE Intelligent Systems, 2002:54-60.
[99] Brewster,C., Kieron,Hara,O.. Knowledge Representation with Ontologies: The Present and Future[J]. Intelligent Systems, IEEE Computer Society.2004,72-81.
[100] Stevens, Carole, R.. What is an ontology ?[A]. http://www.cs.man.a c.uk/~stevensr/onto/node3.html/.
[101] http://bbs.w3china.org/.
[102] Agarwal, M., Parashar,M.. Enabling autonomic compositions in grid environments[C]. Grid Computing.Proceedings Fourth International Workshop on. 2003,17: 34– 41.
[103]孙宇清.协同环境中访问控制模型与技术研究[D].博士论文.山东.山东大学.2006,25~27.
[104]许峰,赖海光,黄皓.等.面向服务的角色访问控制技术研究[J].计算机学报. 2005:28(4):686~693.
[105] Su Cheng, Haw,G. S. V.. A Comparative Study and Benchmarking on XML Parsers[J]. Gangwon-Do .2007, 1: 321-325.
[106] Slominski, A.. Design of a Pull and Push Parser System for Streaming XML[A],2001. http://www.extreme.indiana.edu/xgws/papers/xml_push_pull/.
[107] Zisman, A.. An Overview of XML, Computing & Control Engineering Journal[J]. 2000, (8):165-167.
[108] Karre, S. and Elbaum, S.. An Empirical Assessment of XML Parsers[J]. 6th Workshop on Web Engineering, 2002,39-46.
[109] Michael, C..XML Parser Comparison[A],2000. http://www.webreference.com/ xml/column22/2.html/.