Abstract
On the basis of a study of existing trust negotiation solutions, an attribute-based trust negotiation model was proposed. All objects, including users and resources, were treated as entities, and each entity was bound to a corresponding certificate, which effectively ensured the legitimacy of resources and prevented unauthorized users from accessing the system. The architecture of the model and the workflow by which a user accesses a resource were presented, along with the designs of the user's attribute certificate and the resource's policy certificate. The feasibility of the model was analyzed in terms of security, efficiency and extensibility. The analysis showed that the model features single sign-on, PULL-mode access to resources, protection of user privacy, protection of access control policies, and ease of implementation.
Source
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
PKU Core
2006, No. 5, pp. 30-32, 39 (4 pages in total)
Journal of Huazhong University of Science and Technology (Natural Science Edition)
Funding
Major Program of the National Natural Science Foundation of China (90412010)
Keywords
trust negotiation
authentication
authorization
attribute certificate