Paper Info
Title
Tenant-based access control model for multi-tenancy and sub-tenancy architecture in Software-as-a-Service.
Abstract
Software-as-a-Service (SaaS) introduces multi-tenancy architecture (MTA). Sub-tenancy architecture (STA), is an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In a STA system, tenants can create subtenants, and grant their resources (including private services and data) to their subtenants. The isolation and sharing relations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To address this problem, this paper provides a formal definition of a new tenant-based access control model based on administrative role-based access control (ARBAC) for MTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and AA-tree are proposed to describe the autonomy of tenants, including their isolation and sharing relationships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. TMS-ARBAC model is applied to design a geographic e-Science platform.
Year
DOI
Venue
2017
10.1007/s11704-016-5081-x
Frontiers of Computer Science
Keywords
Field
DocType
Software-as-a-Service (SaaS),multi-tenancy architecture (MTA),sub-tenancy architecture (STA),rolebased access control (RBAC) model,tenant-based access control model
Architecture,Computer security,Computer science,Authorization,Multitenancy,Software as a service,Formal description,Access control,Shared resource,Leasehold estate,Database
Journal
Volume
Issue
ISSN
11
3
2095-2228
Citations 
PageRank 
References 
4
0.41
14
Authors
4
Name
Order
Citations
PageRank
Qiong Zuo151.11
Meiyi Xie274.86
Guanqiu Qi316416.20
Hong Zhu475.52