
Research on cross-platform authorization based on role mapping (times cited: 5)

Cross-platform authorization based on role-mapping
Abstract: A role-mapping-based authorization method is presented to solve the cross-platform authorization problem in the decentralized federated integration of networked manufacturing platforms. Independent, autonomous administrative domains establish contractual authorization relationships with each other by setting role-mapping rules. The integrated system's trust model and the cross-domain access control process are also discussed. Building on the role-based access control model, a formal authorization model is defined that includes four mapping relations and three authorization relations. To ensure the security of authorization across autonomous administrative domains and the soundness of role mappings, a risk-control mechanism is proposed based on contractual constraints, static constraints and dynamic constraints. Finally, the architecture of the integrated system's authorization server and an application example are presented to illustrate how the role-mapping-based authorization method works.
Authors: XU Yun (徐云), XIAO Tianyuan (肖田元)
Source: Computer Integrated Manufacturing Systems (《计算机集成制造系统》), indexed in EI, CSCD and the Peking University Core Journals list; 2007, No. 9, pp. 1866-1872 (7 pages)
Funding: National 863/CIMS Program project (2004AA414021); Beijing Municipal Science and Technology Commission project (H020320020610-6)
Keywords: networked manufacturing; federate integration; authorization; role-mapping; risk-control mechanism; multiple domains
