Background technology
As the Internet has developed, network bandwidth has gradually come to meet users' needs for multimedia and large-file transfer, distributed database technology has matured, and, most recently, cloud computing has posed new challenges and new ideas to traditional software producers.
Traditional software production is roughly divided into development, sale and deployment, and the software is generally deployed by the producer on a specific server. The newer notion of SaaS (software as a service) lets a software producer rent or sell its product: the customer renting the software has it deployed on a SaaS cloud computing platform, and the software's users log in to the platform and click on the application they need in order to be served.
Since the software is no longer deployed on a server in a specific place, and the key user experience of a SaaS platform is personalized customization, the data storage organization naturally differs greatly from that of a traditional software database.
Storage is divided mainly into the metadata store (MetaData DB) and the tenant databases. The metadata store holds the mapping from each tenant to the database it uses, so that a logged-in user can be directed to it quickly. The tenant databases hold the corresponding business objects, such as product information and customer information.
From this brief introduction it follows that a suitable secure access control mechanism for the SaaS platform is necessary. It must keep the users of different tenants from interfering with each other when locating their databases, prevent unauthorized users from entering tenant services they are not entitled to, and also cover secure access control within each tenant database.
Since the advent of computers and the Internet, access control has been the strategy on which database security relies. With the development of cloud computing the software market is changing substantially: traditionally installed software is becoming rented software published on platforms that support SaaS, and the "software supermarket" pattern is emerging.
Traditional database access control strategies must therefore be adjusted to deal with the complexity of the "software supermarket".
Summary of the invention
To overcome the shortcomings of the prior art described above, the invention provides a highly extensible network-grid SaaS access control method. A metadata network grid deployed on an LDAP directory server performs the portal authentication of a specific user to a specific tenant; each tenant then applies its own chosen policy to secure access to its database. When several tenants share resources, this is fed back into the metadata network grid, which assembles a new shared-resource grid cell. Unauthorized users are blocked by shielding the grid cell, and tenants' validity periods are maintained by cancelling and marking grid cells. The invention is mainly used for secure access control on a SaaS-based interconnected software service platform; it is efficient and loosely coupled and provides a security guarantee for the whole SaaS platform.
The technical solution adopted by the invention is a highly extensible network-grid SaaS access control method comprising the following steps:
Step 1: the metadata database maintains a virtual network grid that identifies tenant and user information;
Step 2: when a tenant obtains a license on the SaaS platform, the metadata database initializes this tenant's virtual network grid;
Step 3: when a user accesses the SaaS platform and looks for the corresponding service, the network grid controls the user's access;
Step 4: after the user has been admitted by the metadata database, access to each tenant's database is supervised by a mainstream access control policy;
Step 5: when a user accesses shared data resources, the entrance network grid cell that identifies the shared data resource is started directly and the user enters the shared-resource database.
The virtual network grid takes the form of a two-dimensional planar grid recorded by coordinates in the four quadrants. Specifically, the cell GridT.A corresponding to the first tenant tenantA lies in the first quadrant of the plane with one vertex at the origin and side length 1, and is referenced by the number (0.5, 0.5); the cell GridT.B corresponding to the second tenant tenantB extends in the positive X direction, also with side length 1, and is referenced by (1.5, 0.5); and so on.
The initialization in step 2 comprises two stages. The first stage is the first-level grid initialization for the tenant: the network grid cell corresponding to the tenant database is identified as GridT, and the tenant issues a first identifier and a second identifier to the user. The second stage is the second-level grid initialization for the user.
The access control process in step 3 is as follows. First, the metadata database obtains the first identifier from the user's login information; if it is correct, the state of the network grid cell corresponding to the tenant database is switched to open and the user is allowed to access that tenant database's entrance. Then the network grid performs the next comparison using the second-level grid: if the second identifier is correct, the second-level cell is opened for the user and the user begins to access that tenant's database.
The mainstream access control policies comprise discretionary access control, mandatory access control and role-based access control.
The metadata database identifies the entrance of a shared data resource with GridT.sign.(a, b); if the user's profile carries both MarkUser.A and MarkUser.B, GridT.sign.(a, b) is opened for the user and the user can directly access the shared database DataSpace(A, B).
Compared with the prior art, the invention has the following advantages. With the access structure of metadata server plus tenant databases, each tenant's users quickly find their own data resources; the virtual network grid set up on the metadata server makes it convenient to control many users' access to the tenant databases; shared resources are controlled too, while the structure remains highly extensible, long-lived and simple to maintain. With low network, hardware and maintenance overhead, the invention provides secure access control of the metadata and tenant databases for a SaaS platform, can be deployed on the SaaS platforms of today's networks, and forms a secure access control pattern for the new software business model.
Embodiment
A highly extensible network-grid SaaS access control method comprises the following steps:
Step 1: the metadata database maintains a virtual network grid that identifies tenant information and user information:
In the LDAP server that stores the metadata, a virtual network grid graph array is maintained, represented as a character matrix. Each cell represents the unique information of one tenant database and can be regarded as a virtual entrance to that tenant; it is denoted GridT. Within each GridT, the users belonging to that tenant are in turn identified by second-level cells, denoted GridUser. The structure is shown in Figure 1.
The virtual network grid maintained in the metadata database takes the form of a two-dimensional planar grid recorded by coordinates in the four quadrants. Specifically, GridT.A for the first tenant tenantA lies in the first quadrant, with one vertex at the origin and side length 1, and is referenced by (0.5, 0.5), i.e. the coordinates of the square's center. GridT.B for the second tenant tenantB extends in the positive X direction, again with side length 1, and is referenced by (1.5, 0.5); and so on. This design lets the network grid be held in computer memory and located directly, and it is highly extensible, to keep pace with the growth of the SaaS software supermarket.
Step 2: when a tenant obtains a license on the SaaS platform, the metadata database initializes this tenant's virtual network grid:
The initialization of the network grid comprises two stages: the first is the first-level grid initialization for the tenant, the second the grid initialization for the user. Specifically:
In the first stage, when tenant tenantA obtains rights of use on the SaaS platform, an idle cell of the virtual network grid on the metadata server is marked GridT.A. Once user User.no.a has obtained the right to log in to the SaaS platform and belongs to tenantA, the user can select the desired software service; at that point user User.no.a receives two identifiers issued by tenantA: the first identifier MarkUser.A and the second identifier NoteUser.a.
In the second stage, GridT.A establishes a second-level grid for its users, denoted SubGrid.User.a, and an idle cell of GridT.A's second-level grid identifies user User.no.a. This identifier guarantees that the user belongs to tenantA.
Following these steps, a cell of the virtual network grid is established for each tenant and each cell establishes its own second-level grid, so that a very large honeycomb grid is built up in the metadata server, as shown in Figure 2.
Step 3: when a user accesses the SaaS platform and looks for the service provided by the corresponding tenant, the network grid controls the user's access:
After the user logs in to the SaaS platform and accesses the metadata server, the metadata server retrieves the network grid data and compares it with the user's information.
The network grid maintained by the metadata server defines three states for a cell: unopened, open and ban (no passage).
The established virtual network grid controls users' access through the metadata database. First, the metadata database obtains the first identifier MarkUser.A from the user's login information; if it is correct, GridT.A is switched from unopened to open and the user is allowed to access TenantA's database entrance. If the login information instead carries MarkUser.B, the cell opened for the user is GridT.B. This strategy prevents users from crossing over to other tenants without authorization. Then the network grid performs the next comparison with the second-level grid: if the second identifier NoteUser.a (the user information) is correct, the second-level cell SubGrid.User.a is opened for the user and the user begins to access TenantA's database.
Secondly, whether at the metadata level or at the tenant level, when an unauthorized user appears the cell is marked ban; once the relevant program detects this state it closes the database entrance and prevents the user's access. When a tenant is no longer resident on the SaaS platform, its cell GridT is cancelled and returned to the uninitialized state, for use by newly added tenants.
Step 4: after the user has been admitted by the metadata database, access to each tenant's database is supervised by a mainstream access control policy:
First, from the characteristics of SaaS, the platform can be understood as a software supermarket, so the categories and application areas of the software differ enormously. What concerns us is that different applications require different levels of data security: for example, the database security grade needed by an entertainment application is far lower than that of financial processing software. If the same data security grade were applied to every tenant, the overhead of the whole system would be enormous.
Therefore, in managing each tenant database, the following three access control mechanisms can be adopted flexibly:
Discretionary Access Control (DAC): access control based on the correspondence between user identities and working groups; its security level is lower.
Mandatory Access Control (MAC): every subject and object is classified and assigned a trust level, and access is decided by the "write up" and "read down" rules. Its security level is higher, but it is less flexible.
Role-Based Access Control (RBAC): each user is given a user ID, the system defines several roles, and operating rights on data are divided by role. Once a user is assigned a role, the user's access rights are set.
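As an added worked example, not part of the patent, the three database-level policies of step 4 are modelled below in Python, each chosen per tenant the way the text suggests (a low-security tenant on DAC, a financial tenant on MAC, a customer-data tenant on RBAC). The tenant names, users, objects and trust levels are constructed for the example; the check assumes the user has already passed the tenant's grid gate of step 3. The MAC branch implements the "read down, write up" rules the text names (the Bell-LaPadula simple-security and star properties).

```python
"""Per-tenant database access policies: DAC, MAC and RBAC (added example)."""
from enum import IntEnum
from typing import Dict, Set, Tuple


class Level(IntEnum):
    """MAC trust levels; ordering is constructed for the example."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    SECRET = 3


class DAC:
    """Discretionary: the object's owner grants rights to individual users."""

    def __init__(self) -> None:
        self.owners: Dict[str, str] = {}
        self.acl: Dict[str, Dict[str, Set[str]]] = {}

    def create(self, owner: str, obj: str) -> None:
        self.owners[obj] = owner
        self.acl[obj] = {owner: {"read", "write"}}

    def grant(self, granter: str, obj: str, user: str, right: str) -> bool:
        if self.owners.get(obj) != granter:      # only the owner may delegate
            return False
        self.acl[obj].setdefault(user, set()).add(right)
        return True

    def allowed(self, user: str, obj: str, right: str) -> bool:
        return right in self.acl.get(obj, {}).get(user, set())


class MAC:
    """Mandatory: levels on every subject and object; read down, write up."""

    def __init__(self, subjects: Dict[str, Level], objects: Dict[str, Level]) -> None:
        self.subjects = subjects
        self.objects = objects

    def allowed(self, user: str, obj: str, right: str) -> bool:
        s, o = self.subjects[user], self.objects[obj]
        if right == "read":
            return s >= o                        # no read up
        if right == "write":
            return s <= o                        # no write down
        return False


class RBAC:
    """Role-based: (object, right) pairs attach to roles; users get roles."""

    def __init__(self, role_rights: Dict[str, Set[Tuple[str, str]]]) -> None:
        self.role_rights = role_rights
        self.user_roles: Dict[str, Set[str]] = {}

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def allowed(self, user: str, obj: str, right: str) -> bool:
        return any((obj, right) in self.role_rights.get(r, set())
                   for r in self.user_roles.get(user, set()))


def build_demo() -> Dict[str, object]:
    """Constructed tenants: a game tenant on DAC, a finance tenant on MAC,
    a CRM tenant on RBAC. Each would be a separate tenant database."""
    dac = DAC()
    dac.create("alice", "scores")
    dac.grant("alice", "scores", "bob", "read")

    mac = MAC(subjects={"carol": Level.SECRET, "dave": Level.INTERNAL},
              objects={"ledger": Level.CONFIDENTIAL, "bulletin": Level.PUBLIC})

    rbac = RBAC({"sales": {("customers", "read"), ("customers", "write")},
                 "auditor": {("customers", "read")}})
    rbac.assign("erin", "auditor")
    return {"GameCo": dac, "FinCo": mac, "CrmCo": rbac}


def check(policies: Dict[str, object], tenant: str, user: str,
          obj: str, right: str) -> bool:
    """Database-level decision for a user already admitted by the tenant's grid cell."""
    policy = policies.get(tenant)
    return policy is not None and policy.allowed(user, obj, right)
```

The point of the per-tenant dispatch is that the platform pays for mandatory labelling only where a tenant's data warrants it; the MAC cases show why it is inflexible: the SECRET user carol can read the CONFIDENTIAL ledger but may not write to the PUBLIC bulletin, because writing down could leak.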
Step 5: when a user accesses shared data resources, the network grid cell identifying the entrance of the shared data resource is started directly and the user enters the shared-resource database. The metadata database establishes a special marker cell GridT.sign.(a, b) for the data resources shared between tenants; if the user's profile carries both MarkUser.A and MarkUser.B, GridT.sign.(a, b) is opened for the user and the user can access the shared database DataSpace(A, B) directly.
From the description of the network grid, the virtual grid graph in the metadata server performs strict entrance control for each tenant. But from the technical background of SaaS, one situation can certainly arise: tenantA and tenantB share some resources, so for economy of database design it is necessary to maintain some shared databases. For ease of use, a user should not have to enter tenantA's database, find the shared resource there, leave tenantA's database and then enter the shared database; that flow is too cumbersome, hard to manage and wasteful of resources.
Hence the design pattern of the extended network grid is needed. Its structure is shown in Figure 3: GridT.A has the indicator sign.a and GridT.B has the indicator sign.b. When tenantA and tenantB have shared resources, the shared resources are stored in a shared database tenant(A, B), and the space opened for them in the shared database is DataSpace(A, B); an unmarked cell of the virtual network grid is then used to identify the entrance of DataSpace(A, B), denoted sign.(a, b).
On the SaaS platform, after the user logs in, if the service to be used involves the shared data resources of tenantA and tenantB, the user's profile is compared against the cell identifiers of tenantA and tenantB on the virtual network grid maintained by the metadata server; if they match, the user jumps directly to cell sign.(a, b) and then accesses DataSpace(A, B).
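As an added worked example, not the patent's own implementation, the following Python model covers steps 1, 2, 3 and 5 as described in both the summary and the embodiment: tenant cells allocated along the positive X axis and referenced by their center coordinates, the two identifiers a tenant issues to a user, the two-stage comparison at login, the unopened/open/ban cell states, cancellation of a departing tenant's cell back to the pool, and the shared-resource cell GridT.sign.(a, b). The patent keeps the grid in an LDAP directory; here it is an in-memory object, and the class and method names are assumptions. One deliberate choice, noted in the code, is that a tenant cell is not switched to open until the second-level comparison also succeeds, so a login that fails the second stage leaves no entrance open.

```python
"""Two-level "virtual network grid" of the metadata server (added in-memory model)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, FrozenSet, List, Optional, Tuple


class State(Enum):
    UNOPENED = "unopened"
    OPEN = "open"
    BAN = "ban"


@dataclass
class SubGrid:
    """SubGrid.User.x: one second-level cell for one user of a tenant."""
    note: str                       # second identifier NoteUser.x
    state: State = State.UNOPENED


@dataclass
class TenantGrid:
    """GridT.X: one unit square of the plane, referenced by its center point."""
    name: str
    center: Tuple[float, float]     # (0.5, 0.5), (1.5, 0.5), ... along +X
    mark: str                       # first identifier MarkUser.X issued to users
    state: State = State.UNOPENED
    users: Dict[str, SubGrid] = field(default_factory=dict)


class MetadataGrid:
    """The grid kept by the metadata server (a Python object here, not an LDAP entry)."""

    def __init__(self) -> None:
        self.tenants: Dict[str, TenantGrid] = {}
        self.shared: Dict[FrozenSet[str], State] = {}   # GridT.sign.(a,b) cells
        self._free: List[Tuple[float, float]] = []      # cancelled, reusable cells
        self._next_x = 0

    # Step 2, stage 1: an idle cell is marked for a newly licensed tenant.
    def init_tenant(self, name: str) -> TenantGrid:
        if name in self.tenants:
            raise ValueError(f"{name} already holds a cell")
        if self._free:                       # reuse a cancelled cell first
            center = self._free.pop()
        else:                                # otherwise extend the grid along +X
            center = (self._next_x + 0.5, 0.5)
            self._next_x += 1
        cell = TenantGrid(name, center, f"MarkUser.{name}")
        self.tenants[name] = cell
        return cell

    # Step 2, stage 2: the tenant issues both identifiers to one of its users.
    def init_user(self, tenant: str, user: str) -> Tuple[str, str]:
        cell = self.tenants[tenant]
        cell.users[user] = SubGrid(note=f"NoteUser.{user}")
        return cell.mark, cell.users[user].note

    # Step 3: two-stage comparison at login.
    def login(self, user: str, mark: str, note: str) -> Optional[str]:
        """Return the tenant whose database is opened for this login, or None."""
        cell = next((c for c in self.tenants.values() if c.mark == mark), None)
        if cell is None or cell.state is State.BAN:
            return None                      # unknown tenant mark, or tenant shielded
        sub = cell.users.get(user)           # a tenantA user presenting MarkUser.B
        if sub is None:                      # has no cell under GridT.B, so the
            return None                      # cross-tenant attempt stops here
        if sub.note != note or sub.state is State.BAN:
            return None                      # wrong second identifier, or banned user
        cell.state = State.OPEN              # GridT.X: unopened -> open (entrance)
        sub.state = State.OPEN               # SubGrid.User.x opened: database access
        return cell.name

    # A disabled user or tenant: the cell is marked ban and login refuses it above.
    def ban(self, tenant: str, user: Optional[str] = None) -> None:
        cell = self.tenants[tenant]
        if user is None:
            cell.state = State.BAN
        else:
            cell.users[user].state = State.BAN

    # A tenant leaving the platform: its cell returns to the uninitialized pool,
    # and any shared-resource cell it took part in is dropped with it.
    def cancel_tenant(self, name: str) -> None:
        cell = self.tenants.pop(name)
        self._free.append(cell.center)
        for key in [k for k in self.shared if name in k]:
            del self.shared[key]

    # Step 5: a marker cell GridT.sign.(a,b) for the data shared by two tenants.
    def init_shared(self, a: str, b: str) -> None:
        if a not in self.tenants or b not in self.tenants:
            raise KeyError("both tenants must hold a cell before sharing")
        self.shared[frozenset((a, b))] = State.UNOPENED

    def access_shared(self, marks: FrozenSet[str], a: str, b: str) -> Optional[str]:
        """Open GridT.sign.(a,b) for a profile carrying both tenants' first identifiers."""
        key = frozenset((a, b))
        if self.shared.get(key, State.BAN) is State.BAN:
            return None                      # no such shared cell, or shielded
        needed = {self.tenants[a].mark, self.tenants[b].mark}
        if not needed <= marks:
            return None                      # one tenant's identifier is not enough
        self.shared[key] = State.OPEN
        return f"DataSpace({a},{b})"
```

The cross-tenant check in `login` relies on the user's sub-cell living under exactly one tenant cell, which is what the second-level grid of step 2 guarantees; the first identifier alone only selects which tenant cell is consulted. Cancelling a tenant also removes its shared cells, otherwise a later tenant reusing the freed cell could inherit an open entrance to DataSpace(A, B).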