摘要
提出了一种声明式的、面向对象的、灵活访问控制策略的形式化描述、决策算法和实施框架。与传统访问控制策略相比,它包含授权类型、主体、权限、限制、影响等策略元素,能够更加精确地描述各类控制需求;同时,提出的策略决策算法和实施框架能适应决策环境的动态变化,有效满足复杂分布式系统的访问控制需求;最后,作为应用的例子,介绍了这种策略和实施框架在分布式园区网中的实现和应用情况。
This paper presented a flexible, object-oriented and declarative access control policy, its decision-making algorithm and enforcement framework. Compare to traditional access control policies, it consisted of five components-authorization type, subject, permission, constraint and effect, which made it flexible enough to express a variety of access control requirements. Presented decision-making algorithm and enforcement framework were adaptived to dynamic environment change, and could efficiently satisfy the requirement for distributed application. As an example of such application, also discussed its implementation and application in a distributed campus network system.
出处
《计算机应用研究》
CSCD
北大核心
2008年第9期2831-2833,共3页
Application Research of Computers
基金
国防预研基金资助项目(9140A26010306JB5201)
关键词
灵活访问控制策略
访问控制实施框架
分布式应用
flexible access control policy
access control enforcement framework
distributed application
