Abstract
Traditional access control techniques such as DAC and MAC are not suited to the Web environment, and RBAC/Web has low response efficiency. Based on an analysis of the RBAC model and the RBAC/Web reference implementation, this paper proposes combining RBAC with page component technology to achieve efficient Web access control, and describes the methods for RBAC database design, identity authentication and ARS activation, and the design of the permission verification component. Engineering practice shows that the scheme solves the efficiency problem of RBAC/Web and meets the access control requirements of small and medium-sized Web application projects.
Source
《西安工业大学学报》
CAS
2008, Issue 2, pp. 163-167 (5 pages)
Journal of Xi’an Technological University