公开(公告)号：US20080104708A1

公开(公告)日：2008-05-01

申请号：US11529954

申请日：2006-09-29

申请人： Florian Kerschbaum ,  Philip Robinson ,  Jochen Haller ,  Rafael Jose Deitos

发明人： Florian Kerschbaum ,  Philip Robinson ,  Jochen Haller ,  Rafael Jose Deitos

IPC分类号： H04L9/32 ,  H04L9/00 ,  G06F17/30 ,  G06F7/04 ,  G06K9/00 ,  H03M1/68 ,  H04K1/00 ,  H04N7/16

CPC分类号： G06F21/62 ,  G06Q10/10 ,  H04L63/20

摘要： A comprehensive security architecture for a virtual organization (VO) is disclosed. The comprehensive security architecture uses the same security mechanism or substantially similar security mechanisms to control access to VO infrastructure services as it uses to control access to resource services. Infrastructure services are services used to change the state of the VO and to change membership in the VO. Resource services (e.g. processing a purchase order) are services used in furtherance of achieving the objectives of the VO (e.g. build an aircraft). A security mechanism prevents a service call from accessing the service called until the security mechanism has decided to authorize or deny the service call. A security mechanism may decide to authorize or deny the service call based on details of the service call, a set of role-based access policies, and attributes from the caller's credentials including the caller's role in the VO.

摘要翻译： 披露了虚拟组织（VO）的综合安全架构。 综合安全体系结构使用相同的安全机制或基本类似的安全机制来控制对VO基础设施服务的访问，因为它用于控制对资源服务的访问。 基础设施服务是用于改变VO的状态并改变VO中的成员资格的服务。 资源服务（例如处理采购订单）是用于促进实现VO目标的服务（例如构建飞机）。 安全机制防止服务呼叫访问所调用的服务，直到安全机制决定授权或拒绝服务调用。 安全机制可以基于服务呼叫的细节，一组基于角色的访问策略和来自呼叫者的凭证的属性（包括呼叫者在VO中的角色）来决定授权或拒绝服务呼叫。