Abstract
This paper studies how to implement role-based access control (RBAC) using the role model of the privilege management infrastructure (PMI), and proposes an improved PMI role model. The improved model adds user-group specification attribute certificates and user-group assignment attribute certificates. It also adds an authorization policy repository at the SOA (or AA), and a local role specification attribute certificate repository and an access control policy repository at the privilege verifier. The authorization process and the access control process are given. The improved model makes it easier to manage the attribute certificates of users who hold the same roles, can express the constraints of RBAC, improves certificate query efficiency, and makes the system more practical.
Source
Journal of Huazhong University of Science and Technology (Natural Science Edition)
EI
CAS
CSCD
PKU Core
2006, Issue 7, pp. 24-26 (3 pages)
Funding
Supported by the National Natural Science Foundation of China (60203017).
Keywords
role based access control
privilege management infrastructure
public-key certificate
attribute certificate