CN102664912A - Shared method for roles between different clouds - Google Patents


Info

Publication number: CN102664912A
Authority: CN (China)
Prior art keywords: role, cloud, user, association, data
Legal status: Pending
Application number: CN2012100728772A
Other languages: Chinese (zh)
Inventors: 王帅, 高飞
Current Assignee: Inspur Electronic Information Industry Co Ltd
Original Assignee: Inspur Electronic Information Industry Co Ltd
Application filed by Inspur Electronic Information Industry Co Ltd
Priority to CN2012100728772A
Publication of CN102664912A

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a shared method for roles between different clouds. In the method, the roles in a cloud are graded and roles of different grades access data of the corresponding grade: high-grade roles can access low-grade data, but low-grade roles are not allowed to access high-grade data. At the same time, roles are associated between clouds. When a user accesses a group that does not include the user's role, the new group uses the role association to give the user a role that the new group recognizes, chosen according to the user's role in the original group, so that the user can directly access the data of the new group. In the strategy, when a user in one cloud wants to access data in another cloud, role hierarchy is established inside the clouds and role association is established between the clouds, and the system gives the user a role recognized by the current cloud according to the role association.

Description

Shared method for roles between different clouds
Technical field
The present invention relates to the field of cloud computing, and specifically to a shared method for roles between different clouds.
Background art
Cloud computing is an emerging commercial computing model. It distributes computing tasks over a resource pool made up of a large number of computers, so that application systems can obtain computing power, storage space and software services on demand. In the cloud computing era, the same user plays different roles in different clouds and needs to obtain data in each of them. The current permission-control principle is that one user corresponds to one role, so to obtain the information they want, users must apply for different roles in order to obtain different permissions, which is inconvenient for the user. Because the user base in a cloud is very large, this produces a large set of role permissions and also puts pressure on the operation of the cloud.
To make it easier to access data across clouds, we propose a simple and effective access strategy.
Summary of the invention
The purpose of the invention is to provide a shared method for roles between different clouds.
This purpose is achieved as follows. The roles in a cloud are graded, and roles of different grades access data of the corresponding grade: a high-grade role can access the data of low-grade roles, but a low-grade role is not allowed to access the data of high-grade roles. At the same time, roles are associated between clouds. When a user wants to access a group that does not include the user's role, the new group uses the role association to give the user a role that the new group recognizes, chosen according to the user's role in the original group, so that the user can directly access the data of that group.
In the strategy, when a user in one cloud wants to access data in another cloud, role hierarchy is established inside the clouds and role association is established between the clouds. When the user needs to access data in another cloud, the system assigns the user, according to the role association, a role that is recognized by the current cloud.
When a role is added to a cloud, the method adapts to the change automatically and the associations between roles need no change. When a role is deleted from a cloud, all associations arriving at that role are deleted, and an association that originally arrived at that role arrives at its subordinate role instead. To prevent data exchange between clouds that were not originally intended to interact, each cloud is given an identifier, and a role carries the identifier of its original cloud when it crosses between clouds. The concrete steps are as follows:
First define the following sets and associations:
1) the set of clouds {Cloud1, Cloud2},
2) the set of roles in Cloud1 {C1_level1, C1_level2, C1_level3},
3) the set of roles in Cloud2 {C2_level1, C2_level2, C2_level3},
4) the role association between Cloud1 and Cloud2, for which one unidirectional association is specified, CR: C2_Level2 → C1_level3
5) the hierarchy association in Cloud1, RR1: C1_level1 > C1_level2 > C1_level3
6) the hierarchy association in Cloud2, RR2: C2_level1 > C2_level2 > C2_level3
When the user User, who holds role C2_Level2 in Cloud2, wants to access Cloud1, User is assigned role C1_Level3 according to the association and is at the same time given the identifier C2, which indicates that this user's permission was obtained through association from a permission in Cloud2.
The beneficial effects of the invention are as follows. It breaks the traditional access pattern in which a user must apply for different roles to access data in different clouds. The user only needs to hold permissions in one cloud to access multiple different clouds, which makes applications easier to extend and thereby reduces cost.
The method can greatly reduce the data generated by roles and permissions while bringing convenience to users, and it has very broad application prospects.
Description of drawings
Fig. 1 is a diagram of the intra-cloud role-hierarchy association management set RR;
Fig. 2 is a diagram of the inter-cloud role association CR.
Embodiment
The method of the invention is described in detail below with reference to the accompanying drawings.
The invention is based on role hierarchy. By dynamically invoking role associations, it breaks the traditional tight coupling between roles and permissions in order to be flexible and general.
The basic idea of the method is that we grade the roles in a cloud. Roles of different grades can access data of the corresponding grade: a high-grade role can access the data of low-grade roles, but a low-grade role is not allowed to access the data of high-grade roles. At the same time we associate roles between clouds. When a user wants to access a group that does not include the user's role, the new group uses the role association to give the user a role that the new group recognizes, chosen according to the user's role in the original group, so that the user can directly access the data of that group.
In this method we do not require the administrator responsible for inter-cloud relations to create a mapping to this group for the role of every level in the other clouds. When a role is added to a cloud, the method adapts to the change automatically and the associations between roles need no change. When a role is deleted from a cloud, all associations arriving at that role are deleted, and an association that originally arrived at that role arrives at its subordinate role instead. To prevent data exchange between clouds that were not originally intended to interact, each cloud is given an identifier, and a role carries the identifier of its original cloud when it crosses between clouds.
The method comprises:
1. the set of roles in a cloud; 2. the set of clouds; 3. the intra-cloud role hierarchy set; 4. the inter-cloud role association set;
Wherein:
(1) the set of roles in a cloud, R: {Role1, Role2, Role3};
(2) the set of clouds, C: {Cloud1, Cloud2};
(3) the intra-cloud role-hierarchy association management set RR, see Fig. 1;
(4) the inter-cloud role association CR, see Fig. 2.
Embodiment
The process of implementing the method is described below with a concrete example.
First we define some sets and associations according to our method:
1. the set of clouds {Cloud1, Cloud2},
2. the set of roles in Cloud1 {C1_level1, C1_level2, C1_level3},
3. the set of roles in Cloud2 {C2_level1, C2_level2, C2_level3}.
4. the role association between Cloud1 and Cloud2; here we specify only one unidirectional association CR:
C2_Level2 → C1_level3
5. the hierarchy association in Cloud1, RR1: C1_level1 > C1_level2 > C1_level3
6. the hierarchy association in Cloud2, RR2: C2_level1 > C2_level2 > C2_level3
When the user User, who holds role C2_Level2 in Cloud2, wants to access Cloud1, we assign role C1_Level3 to User according to the association and at the same time give User the identifier C2, which indicates that this user's permission was obtained through association from a permission in Cloud2.
Of course, the invention has many other instances; this is only the simplest use among them.
Apart from the technical features described in the specification, everything is known technology to those skilled in the art.
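The Cloud1/Cloud2 example above, modelled in Python as an added illustration that is not part of the patent text. The class and function names are hypothetical, and two behaviours are assumptions made here to read the description: a senior role may use the association of a role below it, and a role that already carries a foreign cloud identifier is not mapped onward to a third cloud.

```python
from dataclasses import dataclass, field

@dataclass
class Cloud:
    name: str
    tag: str      # identifier attached to users who arrive from this cloud
    levels: list  # role hierarchy RR, most senior role first

    def dominates(self, role, other):
        """True if `role` is at or above `other` in this cloud's hierarchy."""
        return self.levels.index(role) <= self.levels.index(other)

@dataclass
class Federation:
    clouds: dict
    cr: dict = field(default_factory=dict)  # (src_cloud, src_role) -> (dst_cloud, dst_role)

    def map_role(self, src, role, dst, origin=None):
        """Return (dst_role, origin_tag), or None when no association applies."""
        levels = self.clouds[src].levels
        # Assumption: a role that already carries a foreign tag is not re-mapped.
        if origin is not None or role not in levels:
            return None
        # Assumption: a senior role may use the association of a role below it.
        for junior in levels[levels.index(role):]:
            target = self.cr.get((src, junior))
            if target and target[0] == dst:
                return target[1], self.clouds[src].tag
        return None

    def can_read(self, dst, granted, data_role):
        """`granted` is map_role's result; data is labelled with a role grade."""
        return granted is not None and self.clouds[dst].dominates(granted[0], data_role)

    def delete_role(self, cloud, role):
        """Delete a role; associations arriving at it move to its subordinate."""
        levels = self.clouds[cloud].levels
        i = levels.index(role)
        below = levels[i + 1] if i + 1 < len(levels) else None
        for key, target in list(self.cr.items()):
            if target == (cloud, role):
                if below:
                    self.cr[key] = (cloud, below)
                else:
                    del self.cr[key]
        levels.remove(role)

def build():
    """Constructed data: the sets, hierarchies and association CR from the example."""
    c1 = Cloud("Cloud1", "C1", ["C1_level1", "C1_level2", "C1_level3"])
    c2 = Cloud("Cloud2", "C2", ["C2_level1", "C2_level2", "C2_level3"])
    return Federation({"Cloud1": c1, "Cloud2": c2},
                      {("Cloud2", "C2_level2"): ("Cloud1", "C1_level3")})
```

Because CR is unidirectional and lookups fail closed, a Cloud1 role gets nothing in Cloud2, and a Cloud2 role below C2_level2 gets nothing in Cloud1.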

Claims (1)

1. A shared method for roles between different clouds, characterized in that the roles in a cloud are graded and roles of different grades access data of the corresponding grade: a high-grade role can access the data of low-grade roles, but a low-grade role is not allowed to access the data of high-grade roles. At the same time, roles are associated between clouds. When a user wants to access a group that does not include the user's role, the new group uses the role association to give the user a role that the new group recognizes, chosen according to the user's role in the original group, so that the user can directly access the data of that group;
In the strategy, when a user in one cloud wants to access data in another cloud, role hierarchy is established inside the clouds and role association is established between the clouds. When the user needs to access data in another cloud, the system assigns the user, according to the role association, a role that is recognized by the current cloud;
When a role is added to a cloud, the method adapts to the change automatically and the associations between roles need no change. When a role is deleted from a cloud, all associations arriving at that role are deleted, and an association that originally arrived at that role arrives at its subordinate role instead. To prevent data exchange between clouds that were not originally intended to interact, each cloud is given an identifier, and a role carries the identifier of its original cloud when it crosses between clouds. The concrete steps are as follows:
First define the following sets and associations:
1) the set of clouds {Cloud1, Cloud2},
2) the set of roles in Cloud1 {C1_level1, C1_level2, C1_level3},
3) the set of roles in Cloud2 {C2_level1, C2_level2, C2_level3},
4) the role association between Cloud1 and Cloud2, for which one unidirectional association is specified, CR: C2_Level2 → C1_level3
5) the hierarchy association in Cloud1, RR1: C1_level1 > C1_level2 > C1_level3
6) the hierarchy association in Cloud2, RR2: C2_level1 > C2_level2 > C2_level3
When the user User, who holds role C2_Level2 in Cloud2, wants to access Cloud1, User is assigned role C1_Level3 according to the association and is at the same time given the identifier C2, which indicates that this user's permission was obtained through association from a permission in Cloud2.
CN2012100728772A 2012-03-20 2012-03-20 Shared method for roles between different clouds Pending CN102664912A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012100728772A CN102664912A (en) 2012-03-20 2012-03-20 Shared method for roles between different clouds

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012100728772A CN102664912A (en) 2012-03-20 2012-03-20 Shared method for roles between different clouds

Publications (1)

Publication Number Publication Date
CN102664912A true CN102664912A (en) 2012-09-12

Family

ID=46774321

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012100728772A Pending CN102664912A (en) 2012-03-20 2012-03-20 Shared method for roles between different clouds

Country Status (1)

Country Link
CN (1) CN102664912A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102904892A (en) * 2012-10-17 2013-01-30 浪潮(北京)电子信息产业有限公司 Security model and security strategy of cloud computing data center operating system
CN105262741A (en) * 2015-09-29 2016-01-20 浪潮集团有限公司 Method for login-free access with permission between clouds
CN109525605A (en) * 2019-01-03 2019-03-26 杭州数梦工场科技有限公司 A kind of account management method, device, system and computer readable storage medium
CN110798338A (en) * 2019-09-30 2020-02-14 烽火通信科技股份有限公司 Edge cloud deployment method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101594386A (en) * 2009-06-29 2009-12-02 北京航空航天大学 Reliable virtual organization construction method and device based on distributed strategy verification
WO2011121353A2 (en) * 2010-03-30 2011-10-06 Disos Pty Ltd Cloud computing operating system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
廖振松等: "一种对IRBAC2000模型的改进方法", 《华中科技大学学报(自然科学版)》, 31 December 2005 (2005-12-31) *

Similar Documents

Publication Publication Date Title
CN102063502B (en) Method for realizing synchronization of data in heterogeneous database
CN103607466B (en) A kind of wide-area multi-stage distributed parallel grid analysis method based on cloud computing
CN101986661B (en) Improved MapReduce data processing method under virtual machine cluster
CN111199279A (en) Cloud edge calculation and artificial intelligence fusion method and device for police service industry
CN102664912A (en) Shared method for roles between different clouds
CN103870314A (en) Method and system for simultaneously operating different types of virtual machines by single node
CN107222531A (en) A kind of container cloud resource dispatching method
CN107193499A (en) A kind of moving method and device of container data volume
CN105894159A (en) Implementation method of cross-domain and cross-platform user unified management system
CN103259872A (en) Multi-source heterogeneous geographic information service platform based on open-type grid system
CN101256599B (en) System for gathering data of distributing simulation platform based on grid
CN104282140A (en) Large-scale real-time traffic index service method and system based on distributed framework
CN106020970A (en) Heterogeneous virtualization platform management framework in private cloud environment
CN104407921A (en) Time-based method for dynamically scheduling yarn task resources
CN104299068A (en) Cabin display control information management system and method based on ARINC 661
CN104182356B (en) A kind of EMS memory management process, device and terminal device
CN105096181A (en) E-commerce transaction method and E-commerce transaction system for big data
CN107038257A (en) A kind of city Internet of Things data analytical framework of knowledge based collection of illustrative plates
CN105049485A (en) Real-time video processing oriented load-aware cloud calculation system
CN103532816A (en) Virtual network reliable mapping method capable of considering constraint of geographic position
CN104717268A (en) Method and system for realizing interface configuration and development through object-oriented technology
CN107844566A (en) A kind of dump control methods and its system
CN103945004B (en) Data dispatching method and system between a kind of data center
CN104345652B (en) A kind of parallel control communication system of multiple agent
CN104468379B (en) Virtual Hadoop clustered nodes system of selection and device based on most short logical reach

Legal Events

Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (application publication date: 20120912)