Abstract
The composition and characteristics of personal permissions, role permissions and temporary permissions are introduced, and access control methods for the three kinds of permission are proposed. Using a server-pull system architecture and extending the LDAP schema for role permissions, an RBAC-based access control application is implemented for an enterprise fundamental information platform. The system uses the LDAP directory server as the role server, so that users obtain the role information they need in a secure mode (e.g. over SSL) and the relevant RBAC policy is enforced to achieve access control. The approach is simple and flexible.
Source
Engineering Journal of Wuhan University
CAS
CSCD
Peking University Core Journals
2006, Issue 4, pp. 102-106 (5 pages)
Keywords
access control
role-based access control (RBAC)
lightweight directory access protocol (LDAP)