摘要
形式化地描述了角色、用户、权限、任务单元、授权策略、授权约束等实体及其相互间的关系 ,提出将授权约束分为需求角色约束、需求用户约束、拒绝角色约束及拒绝用户约束 ,并在此基础上建立了授权约束的冲突检测规则 实现了授权流与工作流的同步 ,并通过授权约束的冲突检测确保了工作流的有效执行
The model formally describes the key elements of access control such as role, user, privilege, task unit, authorization strategy, authorization constraint and the relationship between these elements We identify the following four types of authorization constraints: require role constraints, require user constraints, deny role constraints and deny user constraints, then provide constraint consistency checking rules upon them In this model, authorization flow is synchronized with workflow and the workflow can be efficiently executed through the constraint consistency checking rules The main advantage of the model is its comprehensiveness, flexibility and practicability
出处
《计算机辅助设计与图形学学报》
EI
CSCD
北大核心
2004年第7期992-998,共7页
Journal of Computer-Aided Design & Computer Graphics
基金
国家"八六三"高技术研究发展计划 ( 2 0 0 1AA412 0 10 )资助
关键词
基于角色访问控制
工作流
动态授权
授权约束
授权约束冲突检测
role based access control
workflow
dynamic authorization
authorization constraint
constraint consistency checking