Research and Implementation of Manufacturing Grid Security Technology
Abstract
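Manufacturing Grid (MG) builds on networked manufacturing and makes full use of the Open Grid Services Architecture (OGSA), common standards and specifications, and a unified development platform and tools. Its goal is collaborative work and resource sharing among manufacturing enterprises; it is the concrete application of grid technology to manufacturing. However, as grid research shifts toward commercial services and MG applications extend into enterprises, security problems have come to the fore. It is precisely this widespread doubt about security that makes MG adoption so difficult. MG therefore urgently needs a sound security architecture: it is a strong guarantee that grid technology can actually be used in manufacturing, and it is of great significance to the development of grid technology. Only with a robust MG security architecture can MG keep developing and have real application value.
     Just as people emphasized sharing and neglected security when the Internet first appeared, the security architecture of today's grids is still far from complete. Moreover, MG systems share the complexity of the manufacturing industry, and existing grid security technology cannot meet MG security requirements, while the demand for security assurance in MG grows ever more pressing. It is therefore necessary to study the security of MG systems alongside the MG architecture and its implementation technologies.
     The dissertation first starts from ontology: it synthesizes and abstracts the concepts and relationships involved in the MG security domain and proposes the Ontology-Based Manufacturing Grid Model for Security services (OBMGMS). It analyzes the organizational-unit characteristics of the geographically distributed unions (Union) and nodes (Cell) in MG, and the biological-style dynamic organization (Unit) structure of task-centered network alliances. It proposes that different classes of manufacturing resources exhibit different resource attributes and are associated with different operations, and therefore need different security levels. It explains that tasks have state-transition characteristics and that the granularity of task decomposition in MG follows the principle that each subtask is undertaken by a unique node. The dynamic characteristics of MG are described through the context associations between entities. OBMGMS lays the theoretical foundation for establishing the MG security system architecture and for implementing authentication and access control.
     Based on the MG architecture and drawing on grid security systems, the MG security architecture (MGSec) is established to address the characteristics of manufacturing: complex organizational structures, many kinds of resources, and long-running, wide-ranging collaboration. The MGSec security infrastructure layer manages organizations, users, and certificates, speeding up the start of cooperation between MG nodes and reducing start-up cost. The global security service layer supports global authentication and authorization under MG context constraints. The node security autonomous management layer independently controls shared services and implements node policy management and authentication between nodes and users. The security service portal layer accepts service requests, user and node registration, and so on.
     Building on an in-depth study of the state-transition mechanism of MG dynamic organizations, the MG authentication model (MGAu) is proposed, which applies authentication of different security strength under different context constraints. The MG authentication mechanism also offers a new authentication solution for virtual-enterprise cooperation in manufacturing. MG uses three certificate formats; the validity period of the user certificate is tied to the life cycle of the dynamic organization, which solves the certificate-validity problem in MG's dynamic, distributed environment. The management of users, nodes, and certificates in MG and the authentication process between users and nodes are described in detail.
     The MG access control model (MGAC) extends Role-Based Access Control (RBAC). It adopts a policy that is coarse-grained at the node and fine-grained globally: a user's executable services are adjusted dynamically according to the executing organization that corresponds to the services a task needs and according to the task state, and the authorization decision is finally made at the service node. The global fine-grained access control policy takes into account MG resource attributes and permission inheritance based on the service hierarchy. The node coarse-grained access control policy is based on evaluating the trust values of nodes and MG domains. Two-layer role management separates MG business roles from system roles, and a task-role model is proposed to solve business-role management in the dynamic MG environment.
     Finally, the research content of this dissertation was developed and implemented, and trial use in typical application instances on the Shanghai University MG test bed verified the feasibility of deploying the MG security system, yielding much valuable experience and laying a solid foundation for further improving and promoting MG.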
Manufacturing Grid (MG) is the application of Grid technology in the manufacturing field to realize resource sharing and collaborative work. It is based on Networked Manufacturing (NM), with the Open Grid Service Architecture (OGSA) as the system framework, the Globus Toolkit as the development tool, and a set of specifications as standards. However, as the MG moves toward business applications, security is becoming more and more important. Doubts about security make it difficult for the MG to come into use. A reliable and extensive security architecture is therefore significant for the MG, because it is the MG's safeguard. Without a strong MG security architecture, it is impossible for the MG to come into business use.
     In the early phase of the Internet, sharing was emphasized while security was ignored. Nowadays, the Grid has encountered the same problem: the Grid Security Architecture is not yet mature enough to meet real-world needs. Moreover, the MG is more complicated than the computing Grid, so the Grid Security Architecture cannot satisfy the MG's security requirements. It is therefore necessary to research MG security while developing the MG system.
     Based on Ontology, this dissertation proposes the Ontology based Manufacturing Grid Model for Security (OBMGMS) to abstract and synthesize the concepts and relationships in the field of MG security. OBMGMS describes the characteristics of the distributed organization composed of units and cells in the MG. The unit is task-centered, and the cell is the organization that provides the service. Resources vary in their characteristics and are related to different operations, so they should be assigned different security levels. In the MG, a task can be decomposed into subtasks, each of which is the responsibility of exactly one cell. Contexts related to the entities reflect the dynamic character of the MG. OBMGMS provides the theoretical foundation for the MG security architecture and for the realization of authentication and authorization in the MG.
     Based on the MG Architecture and OGSA, the MG Security Architecture (MGSec) is proposed to meet MG requirements arising from characteristics such as complicated organization structure, varied manufacturing resources, and long-term, large-scale cooperation. In MGSec, the Security Basic Infrastructure layer realizes organization, certificate and policy management. With this layer it is easy to start cooperation between cells, and the cost of cooperation is reduced. The Global Security Service layer supports global authentication and authorization under the dynamic context. The Self-control Cell Layer realizes local policy management, authorization, and authentication between cells and users. Users access the shared services through the MGSec Portal.
     After research into the states of the dynamic organization, a context-restricted authentication mechanism is proposed. This authentication can also be applied in any other virtual organization system. There are three certificate formats in the MG, one of which is the user's short-term certificate. The validity period of the short-term user certificate is tied to the lifetime of the unit, which solves the problem caused by the dynamic characteristics of the MG. The authentication process between cells and users is introduced.
     The Manufacturing Grid Access Control Model (MGAC), based on Role-based Access Control (RBAC), adopts a global fine-grained and local coarse-grained authorization policy. The services needed by a task are enabled for the organization responsible for that task, and the enabled property of the services is adjusted when the task's status changes. The global fine-grained authorization policy considers the characteristics of the resource type and the service hierarchy, while the coarse-grained authorization policy is based on the trust of the cells and unions. System roles and business roles are managed separately, and the Task-Role Model is proposed to manage the dynamic business roles.
     Finally, the Manufacturing Grid security system is developed and implemented. Its feasibility and rationality are validated on a test-bed built at Shanghai University, and the experience obtained is quite useful for further application.
