摘要
OAuth(Open standard for Authorization)是一种基于Web的用于开放授权的互联网标准协议,在众多基于Web的应用平台中得到广泛应用,但是该机制应用在WoT架构下时面临许多挑战.其一,在OAuth协议的应用场景中,一般不会出现用户作为部分资源的拥有者,同时又作为其他资源的使用者的情况,所以OAuth协议不能适应WoT架构下用户多角色的特点.其二,OAuth协议本身并没有提供流量控制功能,而在WoT架构下泛在资源供应者需要通过流量控制来防止用户进行恶意访问.本文新提出了一种WoT架构下面向多角色用户的资源访问控制方法,解决了现有协议不能满足WoT架构下用户具有多种角色的特性,并且可以满足资源提供者进行流量控制的要求.
OAuth is an open standard for authorization based on Web, which has been widely used in many Web-based applications. However,it appears to face many challenges when applied in WoT architecture. On one hand, as the user in the OAuth scenarios can not be the owner of parts of the resource and the user of other resources at the same time, OAuth can not fit into the multi-role user in WoT architecture. On the other hand, OAuth doesn' t provide flow control whereas the provider of the resource need to control the flow to prevent users from malicious access in WoT architecture. The newly proposed resource access control method for the multi- roles user in WoT architecture resolves the problem that OAuth doesn ' t fit into the case that the user has multiply roles, and it can control the flow at the same time.
出处
《小型微型计算机系统》
CSCD
北大核心
2017年第4期772-775,共4页
Journal of Chinese Computer Systems
基金
安徽省自然科学基金项目(1408085MKL08)资助
关键词
WOT
用户多角色
资源鉴权
流量控制
WoT
multi-roles user
resource authentication
flow control
