实现基于角色访问控制的PMI角色模型

A PMI role model for implementation of role-based access control

研究了用权限管理基础设施(PMI)的角色模型实现基于角色的访问控制的相关问题,提出了一种改进PMI角色模型.改进模型增加了用户组规范属性证书和用户组分配属性证书,并为SOA(或AA)增加授权策略库,为权限验证者增加本地角色规范属性证书库和访问控制策略库,给出了授权和访问控制过程.改进模型便于管理具有相同角色的用户的属性证书,能够表达基于角色访问控制中的约束问题,提高了证书查询效率,增强了系统的实用性.

The study was carried out of how to implement role based access control by using role model in privilege management infrastructure （PMI）. Then, an improved model was introduced. User-group Specification attribute certificate and user-group assignment attribute certificate are introduced into the improved model. Authorization policy depository is deployed at SOA or AA, while local role specifica- tion attribute certificate depository and access control policy depository are deployed at privilege verifi- er. Authorization process and access control process were proposed. The improved model has several advantages, easing management of users＇ attribute certificates who have the same roles, ability to express constraints in RBAC, enhancing the certificate query efficiency and practicability.