面向服务计算的安全策略研究
|
摘要
面向服务计算是当前工业界与学术界备受关注的主题,也是未来的发展趋势。它倡导以服务及其组合为基础构造应用的开发模式,标准化、松耦合及透明的应用集成方式是其重要特征,这些特征有助于提高应用系统的互操作能力、敏捷性及集成能力。服务计算是基于面向服务架构的计算模式,面向服务架构将应用程序的不同功能单元划分为服务,这些服务之间通过定义良好的接口和契约联系起来,这使得构建在各种这样的系统中的服务可以以一种统一和通用的方式进行交互,而且可以支持企业随需应变的敏捷性和先进的软件外包管理模式。
面向服务计算是以标准的方式支持系统的开放性,进而使相关技术与系统具有长久的生命力。随着面向服务架构技术的发展,面向服务计算的安全性已经成为重要问题。安全性和开放性本质上的对立,限定了可实现的安全性的程度,因此如何在可访问性与访问限制之间建立一个合理的平衡是面向服务计算的安全策略迫切需要研究的问题。?
随着面向服务架构的分布式计算的发展,对访问控制也提出了新的要求。访问控制是最重要的安全技术之一,也是可信计算机系统评估标准(TESEC)中评价系统安全的主要指标之一。与传统的分布式系统相比,面向服务架构的分布式系统,由于计算环境的异构性和主体操作方式的多样性,提出请求的主体和提供服务资源的客体都具有较高的动态特性。这就要求访问控制机制应该能够动态地适应这种变化,能够根据安全相关的环境做出其访问控制决策。?
本文的主要工作:
1.对面向服务计算的安全性需求进行了分析,结合访问控制技术的发展趋势,对基于角色的访问控制、基于团队的访问控制和基于任务的访问控制进行了细致的研究,总结分析了各模型的优缺点及其局限性。?
2.重点对现有的面向服务的访问控制进行了研究,提出了一个面向服务计算的新的访问控制模型(RH-SOCAC)。该模型将服务间交互看作是双方平等地服务于应用系统的一个过程,而非直接地调用与被调用。
3.在模型中引入了角色分层的概念,通过鉴别机制为服务赋予不同层次的角色,作为绑定上下文的参数,为细粒度策略的实施提供了支持,从而简化了管理,增强了系统的可理解性,并将模型应用于实例加以说明。?
4.阐述了语义Web服务对于面向服务计算的安全方面的影响。通过基于本体的方式来描述Web服务的安全策略,为服务计算的安全提供了语义描述,从而能够提供在语义层次上对安全性的推理,同时也符合语义Web的发展趋势,不仅使网络面向服务,而且可以使服务具有机器可理解的语义。?
5.通过分析面向服务环境中本体在安全方面所起到的积极的作用,本文用安全本体来实现一种表示安全需求和安全能力的方法,对Web服务和代理进行访问控制、数据的完整性、授权等安全描述。并且对安全本体进行了扩展,在安全本体中添加了策略说明,使得在描述语义Web服务的安全需求时具有更好的灵活性、多样性以及互操作性。?
The subject of Service-Oriented Computing (SOC) receives a wide publicity of the industrial and the academia. SOC is a new computing paradigm that utilizes services as the basic constructs to support the development of rapid, low-cost and easy composition of distributed applications even in heterogeneous environments. SOC relies on the Service Oriented Architecture (SOA), which is a way of reorganizing software applications and infrastructure into a set of interacting services. SOA is a flexible set of design principles used during the phases of systems development and integration. A deployed SOA-based architecture will provide a loosely-integrated suite of services that can be used within multiple business domains. SOA defines how to integrate widely disparate applications for an application that is Web based and uses multiple implementation platforms. Rather than defining an API, SOA defines the interface in terms of protocols and functionality. An endpoint is the entry point for such an SOA implementation.
SOC supports openness of system in the form of standard. With the development of SOA, the security of SOC becomes a key problem. In nature, security is opposite to openness, so how to build a reasonable balance between accessibility and access restriction is the problem cry for solve to security policy of SOC.
With the development of SOA, make a claim for access control. Access control is one of the security technologies and one of the crucial targets of TESEC. Compared with the traditional distributed systems, distributed systems based-SOA possesses a high dynamic performance for tactility of computing environment and the multiformity of the main mode of operation. This asks for access control mechanism can make a decision according to the security environment.
The mainly innovative work as followings:
1.Analyzed security demands of the SOC,On the basis of the present access control models to be researched,this thesis analyzes the superiorities and its limitations of each kind of model, and make a intensive study for RBAC、TMAC and TBAC.
2.According to the characteristics and the demands of access control under the enterprise environment, priority of research is service-oriented access control. Proposed a new service oriented computing access control model based on RBAC (RH-SOCAC).
3.This model considers web-based service access control, introduced role hierarchy and depends on the strengths of identification mechanisms as a context-dependent parameter. Furthermore shows how to model for this context-dependent access control by using role-based concepts. By using a BindingContext matching mechanism supported a fine-grained access control.
4.Expound the significant effects of the semantic web service for the security of SOC. Characteristic the security policy of web service in the form of ontology, provide semantic description for the security of service computing, so that provides security reasoning and made services have machine understandable semantics.
5.This thesis through analysis the security ontology illustrated the description of the semantic web services and extended the OWL-S. And with the policy illustration that implement semantic description of the security services.
面向服务计算是以标准的方式支持系统的开放性,进而使相关技术与系统具有长久的生命力。随着面向服务架构技术的发展,面向服务计算的安全性已经成为重要问题。安全性和开放性本质上的对立,限定了可实现的安全性的程度,因此如何在可访问性与访问限制之间建立一个合理的平衡是面向服务计算的安全策略迫切需要研究的问题。?
随着面向服务架构的分布式计算的发展,对访问控制也提出了新的要求。访问控制是最重要的安全技术之一,也是可信计算机系统评估标准(TESEC)中评价系统安全的主要指标之一。与传统的分布式系统相比,面向服务架构的分布式系统,由于计算环境的异构性和主体操作方式的多样性,提出请求的主体和提供服务资源的客体都具有较高的动态特性。这就要求访问控制机制应该能够动态地适应这种变化,能够根据安全相关的环境做出其访问控制决策。?
本文的主要工作:
1.对面向服务计算的安全性需求进行了分析,结合访问控制技术的发展趋势,对基于角色的访问控制、基于团队的访问控制和基于任务的访问控制进行了细致的研究,总结分析了各模型的优缺点及其局限性。?
2.重点对现有的面向服务的访问控制进行了研究,提出了一个面向服务计算的新的访问控制模型(RH-SOCAC)。该模型将服务间交互看作是双方平等地服务于应用系统的一个过程,而非直接地调用与被调用。
3.在模型中引入了角色分层的概念,通过鉴别机制为服务赋予不同层次的角色,作为绑定上下文的参数,为细粒度策略的实施提供了支持,从而简化了管理,增强了系统的可理解性,并将模型应用于实例加以说明。?
4.阐述了语义Web服务对于面向服务计算的安全方面的影响。通过基于本体的方式来描述Web服务的安全策略,为服务计算的安全提供了语义描述,从而能够提供在语义层次上对安全性的推理,同时也符合语义Web的发展趋势,不仅使网络面向服务,而且可以使服务具有机器可理解的语义。?
5.通过分析面向服务环境中本体在安全方面所起到的积极的作用,本文用安全本体来实现一种表示安全需求和安全能力的方法,对Web服务和代理进行访问控制、数据的完整性、授权等安全描述。并且对安全本体进行了扩展,在安全本体中添加了策略说明,使得在描述语义Web服务的安全需求时具有更好的灵活性、多样性以及互操作性。?
The subject of Service-Oriented Computing (SOC) receives a wide publicity of the industrial and the academia. SOC is a new computing paradigm that utilizes services as the basic constructs to support the development of rapid, low-cost and easy composition of distributed applications even in heterogeneous environments. SOC relies on the Service Oriented Architecture (SOA), which is a way of reorganizing software applications and infrastructure into a set of interacting services. SOA is a flexible set of design principles used during the phases of systems development and integration. A deployed SOA-based architecture will provide a loosely-integrated suite of services that can be used within multiple business domains. SOA defines how to integrate widely disparate applications for an application that is Web based and uses multiple implementation platforms. Rather than defining an API, SOA defines the interface in terms of protocols and functionality. An endpoint is the entry point for such an SOA implementation.
SOC supports openness of system in the form of standard. With the development of SOA, the security of SOC becomes a key problem. In nature, security is opposite to openness, so how to build a reasonable balance between accessibility and access restriction is the problem cry for solve to security policy of SOC.
With the development of SOA, make a claim for access control. Access control is one of the security technologies and one of the crucial targets of TESEC. Compared with the traditional distributed systems, distributed systems based-SOA possesses a high dynamic performance for tactility of computing environment and the multiformity of the main mode of operation. This asks for access control mechanism can make a decision according to the security environment.
The mainly innovative work as followings:
1.Analyzed security demands of the SOC,On the basis of the present access control models to be researched,this thesis analyzes the superiorities and its limitations of each kind of model, and make a intensive study for RBAC、TMAC and TBAC.
2.According to the characteristics and the demands of access control under the enterprise environment, priority of research is service-oriented access control. Proposed a new service oriented computing access control model based on RBAC (RH-SOCAC).
3.This model considers web-based service access control, introduced role hierarchy and depends on the strengths of identification mechanisms as a context-dependent parameter. Furthermore shows how to model for this context-dependent access control by using role-based concepts. By using a BindingContext matching mechanism supported a fine-grained access control.
4.Expound the significant effects of the semantic web service for the security of SOC. Characteristic the security policy of web service in the form of ontology, provide semantic description for the security of service computing, so that provides security reasoning and made services have machine understandable semantics.
5.This thesis through analysis the security ontology illustrated the description of the semantic web services and extended the OWL-S. And with the policy illustration that implement semantic description of the security services.
引文
[1] Papazoglou M P, Georgakopouls D. Service-Oriented Computing: Introduction Communications of the ACM, 2003,46(10):24-28.
[2] Papazoglou M P, van den Heuvel W. Service Oriented Architecture:approaches technologies and research issues. The VLDB Journal, 2007(16):389-415.
[3] Krafzig D, Banke K, Slama D. Enterprise SOA: Service-Oriented Architecture best practice. Prentice Hall,2004.
[4] Sudhir Agarwal,Barbara Sprick.Access control for semantic Web services. Proceedings of the IEEE International Conference on Web Services(ICW’04),San Diego, California, USA, 2004,770-773.
[5] Bhatti R.,Joshi J.B.D.,Bertino E.,ect.Access control in dynamic XML-based Web-services with XRBAC[C].Proceedings of 1st International Conference on Web Services,Las Vegas, 2003,243-249.
[6]许峰,赖海光,黄皓等.面向服务的角色访问控制技术研究[J].计算机学报, 2005, 28(4):686-693.
[7] Xu Feng, Xie Jun, Huang Hao, etc. Context-aware role-based access control model for web services [J]. Lecture Notes in Computer Science 3252, 2004, 430-436.
[8]杭园园.面向服务的角色访问控制技术应用研究[D].江南大学,硕士论文,2007.
[9]曹春,马晓星,吕建.SCoAC:一个面向服务计算的访问控制模型[J].计算机学报, 2006, 29(7):1209-1216.
[10]沈海波,洪帆.面向Web服务的基于属性的访问控制研究[J].计算机科学, 2006, 33(4):92-96.
[11] Mendling J,Strembedk M,Stermsek G,etc.An approach to extract RBAC models from BPEL4WS process. Proceedings of the 13th IEEE International Workshops on Enabling Technologies Infrastructure for Collaborative Enterprise (WET ICE’04), 2004:81-86.
[12] Neumann G,Strembeck M.An approach to engineer and enforce context cordially constraints in an RBAC environment.Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT), 2003:65-79.
[13]冀高峰,汤庸,刘晓玲等.面向服务合成的访问控制技术研究[J].通信学报, 2006, 27(11):60-66.
[14] Tim Berners Lee,Hendler J.,Lassila O.The semantic Web.Scientific American, 2001, 284(5):34~43.
[15] Uschold M., Gruninger M. Ontologies: Principles,methods,and applications. Knowledge Engineering Review, 1996, 11(2):93~155.
[16] Bass L, Clements P, Kazman R. Software architecture in practice. 2nd ed. Addison Wesley Professional, 2003.
[17] Papazoglou M P, Georgakopouls D. Service-Oriented Computing: Introduction. Communications of the ACM, 2003, 46(10):24-28.
[18] Singh M P , Huhns M N. Service-Oriented Computing: semantics, processes, agents. John Wiley & Sons, Ltd. ,2005.
[19] Orlowska M E, Weerawarana S, et al. (Eds.). Proceeding of First International Conference on Service-Oriented Computing. Springer, 2007.
[20] Zhang LJ, Zhang J, et al. Service Computing. Springer, 2007.
[21]吴朝晖,邓水光,吴健.服务计算与技术[M].浙江:浙江大学出版社,2009.
[22] OASIS, Reference Model for Service Oriented Architecture 1.0, OASIS Standard,2006.
[23]周宇辰,刘昕鹏,王夕宁,薛亮.面向服务的计算(SOC):技术、规范与标准[M].北京:电子工业出版社,2010.
[24] W3C, Web Service Architecture,W3C Working Group Note 11 February 2004. http://www.w3.org/TR/2004/NOTE-ws-arch-20040211/.
[25] W3C. OWL Security Ontologies [EB/OL]. http://www.csl.sri.com/users/denker/owl-sec/Ontologies.
[26] Kraft, R.. Designing a Distributed Access Control Processor for Network Services on the web. In the Proeeedings of the 2002 ACM workshop on XML security, 2003:36-52, Farifax, VA.
[27] OASIS,eXtensible Access Control Markup Language, Version 1.0[S/OL]. OASIS Standard. http://www.oasis-open.org/committees/download.php 2406/oasis-xacml-1.0.pdf.
[28] OASIS, Profiles for the OASIS Security Assertion Markup Language (SAML) v2.0 [EB/OL]. http://docs.oasis-open.org/security/saml/2.0/saml-profiles-2.0-os.pdf.
[29] WS-Security. http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf.
[30] WS-Policy. http://www.w3.org/TR/ws-policy/.
[31] WS-Trust. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html.
[32] Christoph Schroth, Till Janner. Web 2.0 and SOA: Converging Concepts Enabling the Internet of Services [J]. IT Professional, 2007, 9(3):36-41.
[33] W3C.“Web Services Description Language (WSDL)”. 2001. http://www.w3.org/TR/WSDL/.
[34] W3C.“Universal Description, Discovery and Integration (UDDI)”. 2001. http://www.w3.org/TR/UDDI/.
[35] Ferraiolo David, Kuhn Richard. Role-based access controls.In: Proceedings of the 15th NIST-NCSC National Computer Security Conference, Baltimore, MD, 1992:554-563.
[36] Ferraiolo D., Barkley J.F.,Kuhn R. A role-based access control model and reference implemention within a corporate intranet.ACM Transactions on Information and System Security, 1999, 2(1):34-64.
[37] Sandhu R., Coyne E.J., Feinstein H., etc. Role-based Access Control Models. IEEE Computer, 1996, 29(2):38-47.
[38] Roshna K. Thomas, Team-based Access Control: A primitive for applying role-based access control in collaborative environments. In: Proceedings of the 2nd ACM Workshop on Role-based Access Control, Fairfax, Virginia, United States, 1997.
[39] Weigang Wang, Team and role based organizational context and access control for cooperativehypermedia environment, ACM Hypertext 1999.
[40] Fahad T. Alotaiby, J. Chen, X. A model for team based access control (TMAC 2004). Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC’04).
[41]邓集波,洪帆.基于任务的访问控制模型[J].软件学报,2003,14(1):76-82.
[42] Periorellis P, Parastatidis S. Task-based access control for virtual organizations. LNCS, 2005, 3409: 38-47.
[43]洪帆,李静.基于任务的授权模型[J].计算机研究与发展,2002,39(8):998-1003.
[44] Martin Bichler, Kwei-Jay Lin. Service-Oriented Computing. Computer. 2006, 39(3):99-101.
[45] Lee TB, Hendler J, Lassila O. The Semantic Web. Scientific American, 2001, 5:34-43.
[46] Bhatti, R., Bertino, E., Ghafoor, A Trust-based Context-Aware Access Control Model for Web Services. In 3rd IEEE International Conference on web Services (ICWS’04), 2004, San Diego, CA.
[47] Fen Sel D, Hendler J, LIeberman H. Semantic Web Technology. Boston: MIT Press, 2002.
[48]邓志鸿,唐世渭,杨冬青.面向语义集成:本体在Web信息集成中的研究进展[J].计算机应用, 2002, 22(1):15-17.
[49]毛军.基于RDF的叙词表研究[J].情报学报,2003, 22(2):163-168.
[50]田稷.语义Web与网络信息和知识的表达[J].情报杂志,2003, 22(6):43-44.
[51]姚绍文,余江,周明天.面向语义Web的逻辑描述原语扩展[J].电子学报. 2002, 30(12):2115-2118.
[52]廖乐健,曹元大,么敬国,李守丽.一个语义Web架构及其实现[J].计算机工程与应用, 2003,(15):157-161.
[53]邓志鸿,唐世渭,张铭,杨冬青,陈捷. Ontology研究综述[J].北京大学学报(自然科学版),2002, 38(5):730-738.
[54] Web ontology working group. OWL [EB/OL]. http://www.w3.org/2001/sw/WebOnt/.November/Decem-ber: 67-73.
[55] DAML Services [EB/OL] .http://www.daml.org/services/owl-s/.
[56]杜小勇,李曼,王大治.语义Web与本体研究综述[J].计算机应用,2004,24(10):14-16.
[57]杨欣,沈建京.语义Web服务安全研究[J].计算机科学,2007, 34(2):115-118.
[58] M. BARTEL, J. BOYER, B. FOX, et al. Xml-signature syntax and processing [EB/OL].?http://www.w3.org/TR/xmldsig-core/#sec-X509Data
[2] Papazoglou M P, van den Heuvel W. Service Oriented Architecture:approaches technologies and research issues. The VLDB Journal, 2007(16):389-415.
[3] Krafzig D, Banke K, Slama D. Enterprise SOA: Service-Oriented Architecture best practice. Prentice Hall,2004.
[4] Sudhir Agarwal,Barbara Sprick.Access control for semantic Web services. Proceedings of the IEEE International Conference on Web Services(ICW’04),San Diego, California, USA, 2004,770-773.
[5] Bhatti R.,Joshi J.B.D.,Bertino E.,ect.Access control in dynamic XML-based Web-services with XRBAC[C].Proceedings of 1st International Conference on Web Services,Las Vegas, 2003,243-249.
[6]许峰,赖海光,黄皓等.面向服务的角色访问控制技术研究[J].计算机学报, 2005, 28(4):686-693.
[7] Xu Feng, Xie Jun, Huang Hao, etc. Context-aware role-based access control model for web services [J]. Lecture Notes in Computer Science 3252, 2004, 430-436.
[8]杭园园.面向服务的角色访问控制技术应用研究[D].江南大学,硕士论文,2007.
[9]曹春,马晓星,吕建.SCoAC:一个面向服务计算的访问控制模型[J].计算机学报, 2006, 29(7):1209-1216.
[10]沈海波,洪帆.面向Web服务的基于属性的访问控制研究[J].计算机科学, 2006, 33(4):92-96.
[11] Mendling J,Strembedk M,Stermsek G,etc.An approach to extract RBAC models from BPEL4WS process. Proceedings of the 13th IEEE International Workshops on Enabling Technologies Infrastructure for Collaborative Enterprise (WET ICE’04), 2004:81-86.
[12] Neumann G,Strembeck M.An approach to engineer and enforce context cordially constraints in an RBAC environment.Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT), 2003:65-79.
[13]冀高峰,汤庸,刘晓玲等.面向服务合成的访问控制技术研究[J].通信学报, 2006, 27(11):60-66.
[14] Tim Berners Lee,Hendler J.,Lassila O.The semantic Web.Scientific American, 2001, 284(5):34~43.
[15] Uschold M., Gruninger M. Ontologies: Principles,methods,and applications. Knowledge Engineering Review, 1996, 11(2):93~155.
[16] Bass L, Clements P, Kazman R. Software architecture in practice. 2nd ed. Addison Wesley Professional, 2003.
[17] Papazoglou M P, Georgakopouls D. Service-Oriented Computing: Introduction. Communications of the ACM, 2003, 46(10):24-28.
[18] Singh M P , Huhns M N. Service-Oriented Computing: semantics, processes, agents. John Wiley & Sons, Ltd. ,2005.
[19] Orlowska M E, Weerawarana S, et al. (Eds.). Proceeding of First International Conference on Service-Oriented Computing. Springer, 2007.
[20] Zhang LJ, Zhang J, et al. Service Computing. Springer, 2007.
[21]吴朝晖,邓水光,吴健.服务计算与技术[M].浙江:浙江大学出版社,2009.
[22] OASIS, Reference Model for Service Oriented Architecture 1.0, OASIS Standard,2006.
[23]周宇辰,刘昕鹏,王夕宁,薛亮.面向服务的计算(SOC):技术、规范与标准[M].北京:电子工业出版社,2010.
[24] W3C, Web Service Architecture,W3C Working Group Note 11 February 2004. http://www.w3.org/TR/2004/NOTE-ws-arch-20040211/.
[25] W3C. OWL Security Ontologies [EB/OL]. http://www.csl.sri.com/users/denker/owl-sec/Ontologies.
[26] Kraft, R.. Designing a Distributed Access Control Processor for Network Services on the web. In the Proeeedings of the 2002 ACM workshop on XML security, 2003:36-52, Farifax, VA.
[27] OASIS,eXtensible Access Control Markup Language, Version 1.0[S/OL]. OASIS Standard. http://www.oasis-open.org/committees/download.php 2406/oasis-xacml-1.0.pdf.
[28] OASIS, Profiles for the OASIS Security Assertion Markup Language (SAML) v2.0 [EB/OL]. http://docs.oasis-open.org/security/saml/2.0/saml-profiles-2.0-os.pdf.
[29] WS-Security. http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf.
[30] WS-Policy. http://www.w3.org/TR/ws-policy/.
[31] WS-Trust. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html.
[32] Christoph Schroth, Till Janner. Web 2.0 and SOA: Converging Concepts Enabling the Internet of Services [J]. IT Professional, 2007, 9(3):36-41.
[33] W3C.“Web Services Description Language (WSDL)”. 2001. http://www.w3.org/TR/WSDL/.
[34] W3C.“Universal Description, Discovery and Integration (UDDI)”. 2001. http://www.w3.org/TR/UDDI/.
[35] Ferraiolo David, Kuhn Richard. Role-based access controls.In: Proceedings of the 15th NIST-NCSC National Computer Security Conference, Baltimore, MD, 1992:554-563.
[36] Ferraiolo D., Barkley J.F.,Kuhn R. A role-based access control model and reference implemention within a corporate intranet.ACM Transactions on Information and System Security, 1999, 2(1):34-64.
[37] Sandhu R., Coyne E.J., Feinstein H., etc. Role-based Access Control Models. IEEE Computer, 1996, 29(2):38-47.
[38] Roshna K. Thomas, Team-based Access Control: A primitive for applying role-based access control in collaborative environments. In: Proceedings of the 2nd ACM Workshop on Role-based Access Control, Fairfax, Virginia, United States, 1997.
[39] Weigang Wang, Team and role based organizational context and access control for cooperativehypermedia environment, ACM Hypertext 1999.
[40] Fahad T. Alotaiby, J. Chen, X. A model for team based access control (TMAC 2004). Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC’04).
[41]邓集波,洪帆.基于任务的访问控制模型[J].软件学报,2003,14(1):76-82.
[42] Periorellis P, Parastatidis S. Task-based access control for virtual organizations. LNCS, 2005, 3409: 38-47.
[43]洪帆,李静.基于任务的授权模型[J].计算机研究与发展,2002,39(8):998-1003.
[44] Martin Bichler, Kwei-Jay Lin. Service-Oriented Computing. Computer. 2006, 39(3):99-101.
[45] Lee TB, Hendler J, Lassila O. The Semantic Web. Scientific American, 2001, 5:34-43.
[46] Bhatti, R., Bertino, E., Ghafoor, A Trust-based Context-Aware Access Control Model for Web Services. In 3rd IEEE International Conference on web Services (ICWS’04), 2004, San Diego, CA.
[47] Fen Sel D, Hendler J, LIeberman H. Semantic Web Technology. Boston: MIT Press, 2002.
[48]邓志鸿,唐世渭,杨冬青.面向语义集成:本体在Web信息集成中的研究进展[J].计算机应用, 2002, 22(1):15-17.
[49]毛军.基于RDF的叙词表研究[J].情报学报,2003, 22(2):163-168.
[50]田稷.语义Web与网络信息和知识的表达[J].情报杂志,2003, 22(6):43-44.
[51]姚绍文,余江,周明天.面向语义Web的逻辑描述原语扩展[J].电子学报. 2002, 30(12):2115-2118.
[52]廖乐健,曹元大,么敬国,李守丽.一个语义Web架构及其实现[J].计算机工程与应用, 2003,(15):157-161.
[53]邓志鸿,唐世渭,张铭,杨冬青,陈捷. Ontology研究综述[J].北京大学学报(自然科学版),2002, 38(5):730-738.
[54] Web ontology working group. OWL [EB/OL]. http://www.w3.org/2001/sw/WebOnt/.November/Decem-ber: 67-73.
[55] DAML Services [EB/OL] .http://www.daml.org/services/owl-s/.
[56]杜小勇,李曼,王大治.语义Web与本体研究综述[J].计算机应用,2004,24(10):14-16.
[57]杨欣,沈建京.语义Web服务安全研究[J].计算机科学,2007, 34(2):115-118.
[58] M. BARTEL, J. BOYER, B. FOX, et al. Xml-signature syntax and processing [EB/OL].?http://www.w3.org/TR/xmldsig-core/#sec-X509Data