摘要
由于基于属性的访问控制所具有的较高灵活性和细粒度的特点,提出了基于角色和属性的Web Services访问控制模型。该模型将属性访问控制引入角色访问控制中,将角色从属性中独立出来与属性同等地作为授权决策的依据,在授权时先考虑用户的角色,只有当用户的角色达到系统的要求时才考虑属性的因素是否满足访问控制的要求,这样便实现了双重访问控制。此模型通过对角色和属性进行访问控制,能够表现出更高的安全性和更细的访问控制粒度。
Since the property of higher flexibility and fine granularity, attribute-based access control was introduced into role-based access control,and a Role-and-Attribute Based Access Control model was proposed. In this model role was independent from the properties and be a basis for decision-making authority with attributes with the equal status in the authorization. When authorized, the system will consider the user's role as a priority, only when the user's role meets the requirements then reconsider the attribute factors which achieved dual access control. This model has a higher security and fine-grained access control with the role and attributes.
出处
《微计算机信息》
2011年第2期148-150,共3页
Control & Automation
基金
山东省自然科学基金(Y2008G22)