一种基于委托逻辑的协作环境访问控制模型

A Delegation Logic Based AC Model for Collaborative Environment

提出了一种基于委托逻辑的访问控制模型——DLBAC,将凭证、RBAC元素和访问策略转化为统一的委托逻辑规则。引入了访问控制单元的概念来表示一个访问控制系统,并且定义了标准的规则传递接口,将跨实体企业的访问控制转换成企业内部传统的访问控制。这个访问控制模型既能保护企业资源的安全,同时又能实现协作环境内的资源共享。

The paper puts forward a delegation logic based access control model （DLBAC）. It translates the credentials, RBAC elements and access policies into unified delegation logic rules. An access unit （AU） wraps an AC system. The standard interface of AU is also defined. Then, the external access control is transformed into internal access control. This AC model can protect the assets and share the resource in collaborative environment.