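Abstract
In view of the characteristics of networked manufacturing systems operating in the application service provider mode, a multi-user authentication model was designed that integrates the authentication and account management functions of different application systems and authenticates users through single sign-on. Single-password authentication, one-time password authentication, and Kerberos protocol authentication are used, respectively, to verify the identity of users of different levels. The role-based access control model is extended with time constraints: time constraints are added on top of the traditional static protection of subjects and objects, so that authorization protection can change dynamically over time. For time constraints spanning multiple sessions, an algorithm is proposed that uses the analytic hierarchy process to compute the weight of each session and allocates time according to each session's weighting factor, providing security assurance for application service provider users accessing applications.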
A multi-user authentication model for the networked manufacturing system based on the Application Service Provider (ASP) mode was designed. Single sign-on technology was used for user authentication, integrating the different authentication and account management functions of various application systems. Different authentication methods, including password authentication, one-time password authentication and Kerberos authentication, were introduced for users of different levels. A role-based access control model with time constraints was discussed, in which time constraints were applied to the traditional access control model to enable dynamic authorization constraints. For time constraints affecting more than one session, the Analytical Hierarchy Process (AHP) was used to calculate the weight of each session, according to which the time limit for each session was set. The above model guaranteed secure access to ASP applications for remote users.
Source
Computer Integrated Manufacturing Systems (《计算机集成制造系统》)
EI
CSCD
Peking University Core Journal
2007, Issue 11, pp. 2121-2125 (5 pages)
Funding
Supported by the National Natural Science Foundation of China (50475168)
Shanghai Key Basic Research Project (06JC14066).
Keywords
networked manufacturing
application service provider
authentication
access control
security