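Abstract
Existing role-based access control models mostly adopt centralized authorization management, which cannot meet the needs of large, complex collaborative systems. This paper extends the RBAC96 model to form a role-based access control model that supports authorization. The model introduces role context as the basis for autonomous authorization activities. By defining the context components authorization maximum, authorization region, authorization type and revocation type, it supports flexible autonomous authorization as well as multi-step authorization, and allows the security administrator to exercise macro-level security control over the system. The basic components and specifications of the model are described.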
Role-based access control models in the literature rely on centralized administration and therefore cannot satisfy the requirements of complex systems. A new model is introduced by extending RBAC96. The model uses ROLECONTEXT as the criterion for auto-authorization activity. Four ROLECONTEXT components, namely authorization maximum, authorization region, authorization type and revocation type, are defined to support flexible and multi-step authorization. This lets the security manager control the system at a higher level. The core components and specifications of the new model are given, and an authorization algorithm and examples are presented.
Source
Journal of Computer-Aided Design & Computer Graphics (《计算机辅助设计与图形学学报》)
EI
CSCD
Peking University Core Journals (北大核心)
2004, Issue 4, pp. 414-419 (6 pages)
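Funding
National Defense Science and Technology Key Laboratory Fund project
Supported by a General Armament Department "Tenth Five-Year Plan" pre-research project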