ACCESS CONTROL METHOD AND ACCESS CONTROL SERVER

摘要

The present invention provides an access control method and an access control server. The method comprises the following steps: the access control server parses the received access request, extracts a subject, an object and a request operation from the access request; looks up the object of the access request in an access control strategy file, and according to the access control label of the found object, determines the operation authority of the subject of the access request to the object of the access request; the access control strategy file is a model tree Extensible Markup Language (XML) document generated based on the XML Schema document, the element of the model tree XML document is the access control object, and the access control label of the element of the model tree XML document defines the subject which is allowed to access the object and the operation authority of the subject to the object; the access control server matches the request operation in the access request to the found operation authority of the subject in the access request, determines an access decision according to the matching result, and returns an access response including the access decision.