摘要
针对传统访问控制模型在新一代可信互联网环境应用中存在用户角色赋值效率不高、跨域访问控制实现困难等局限性,提出了基于属性的通用访问控制框架。该框架对用户、资源、操作和上下文四类对象的属性信息进行统一的描述和处理,简化了传统RBAC及其他访问控制系统复杂的权限判定方式,从而增强了访问控制系统的通用性和灵活性;同时,对于跨域的访问应用了基于属性证书的验证方式并给出了相应的策略评估方案和评估算法,能够针对不同应用域中用户的访问需求动态实施资源管理和访问控制;另外,框架中引入的运行上下文对象机制,进一步提升了该框架对复杂、动态互联网环境的适应能力。
Concerning the limitations of the application of traditional access control model in new generation credible Interact environment, such as the inefficiency in user-role assignment and the difficulty in cross-domain access control, a universal attribute-based access control framework was proposed. It took a unified method to dispose the attributes of users, resources, operations and running context, simplified the complex way of permissions determination in traditional RBAC and other access control modes, thus enhancing the versatility and flexibility of access control system. At the same time, authentication based on attribute certificates was applied in cross-domain access, policy evaluation and evaluation algorithm were also discussed, which could dynamically realize resource management and access control for users from different domains. In addition, the mechanism of the running context makes the framework more suitable to be applied in complex and dynamic Internet environment.
出处
《计算机应用》
CSCD
北大核心
2010年第10期2632-2635,2640,共5页
journal of Computer Applications
基金
国家科技支撑计划项目(2008BAH37B04)
关键词
开放网络环境
访问控制
属性
运行上下文
规则
open network environment
access control
attribute
running context
rule
