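Abstract
By examining the role-based access control (RBAC) model, this paper proposes a practical extended model. The extended model mainly introduces the concepts of features and groups: users with the same role are defined as a group, and roles are assigned per user group. Permissions and features are likewise grouped, and features and permissions are assigned to roles by group, which addresses the difficulty in the original model of expressing constraints on user characteristics during user assignment. Entities are divided into user groups, permission groups, feature groups and so on, which simplifies the management of the large number of entities in an RBAC system, reduces the security administrator's workload in user assignment, permission assignment and feature assignment, and improves practicality. The entities in the extended model correspond to concepts in object-oriented programming (OOP), so software developers can easily understand and implement them.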
This paper presents a practical extended model based on a discussion of the Role-Based Access Control (RBAC) model. The extended model mainly introduces the concepts of Feature and Group. Users with the same features are formed into a group, to which roles are assigned. Permissions and features are also grouped and assigned to roles. This solves the problem that users' characteristics are difficult to express during user assignment in the original model. Entities are divided into user groups, permission groups, feature groups, etc. This eases the management of the large number of entities in an RBAC system and reduces the workload of the security administrator in user assignment, permission assignment and feature assignment. It also enhances practicability. The entities in the extended model have corresponding concepts in Object-Oriented Programming methodology, so the model is easy for software engineers to understand and implement.
Source
Computer Simulation (《计算机仿真》)
CSCD
2007, Issue 1, pp. 124-126 (3 pages)
Funding
Supported by the National Natural Science Foundation of China (60203017)
Keywords
Role-based access control
Feature
Feature assignment
Group