Abstract

In the open Internet environment, cloud service platforms face a cross-platform access control problem: when a tenant needs to access the business resources of other collaborative platforms through the cloud service platform, the platform only supports access to business resources within the platform itself. In addition, when tenants access business resources through the cloud service platform, the platform's authorization method is static and coarse-grained, so dynamic fine-grained authorization is not supported. To solve these problems, this paper proposes, based on ABAC, a tenant-centric attribute semantic access control policy model (ASACPM) for cloud service platforms. The model and its application framework can automatically evaluate, as the tenant's attributes change, whether the tenant has access control rights on the cloud service platform or across platforms, and thereby determine whether the tenant can obtain the corresponding business resources. Through a practical case analysis, we prove that applying ASACPM and its application framework to the cloud service platform offers good flexibility, scalability, and practicability. In addition, we design some experimental scenarios to verify that the performance of ASACPM and its application framework meets our expectations and has good reliability, validity, and rationality.
