中文摘要：

针对分布式环境下各自主域访问控制模型的异构性以及跨域访问中域自治与协作问题,提出了一种基于策略的跨自主域访问控制模型.该模型通过自主域间访问主体的不同粒度映射机制,支持域间的安全互操作;通过安全控制器并结合基于XACML的访问控制策略,实现了域间用户权限的逻辑整合.各域的相关权限信息封装在域内,既保持原有的独立性又实现了域间的协作,同时屏蔽了域间主体差异,解决了不同域系统互不认知和异构访问控制模型映射问题.

英文摘要：

Autonomous domain access control model is heterogeneous and every domain is autonomous and cooperated each other when visits of cross-domain occur in Distributed environment.In this paper a policy-based across autonomous domain access control model is proposed.Different level mapping mechanism is used to support the security interoperability of across-domain in this model.Achieve integration of inter-domain user＇s access rights in logic through security controller combined with the XACML-based access control strategy.The relevant authority of the domain information is encapsulated.So it is not only maintaining the domain＇s independence and collaboration but also shielding the subjects＇ differences of domain and resolving the issues that different domain systems are not cognitive and access control model is heterogeneous.