摘要
通过分析XACML的RBAC框架并结合RBAC96模型族的特点,指出了该框架的缺陷,即该框架不支持RBAC96模型族中的受限模型。通过在该框架中增加互斥角色、角色基数限制的XACML描述,完善了该框架并最终运用在GridSphere门户中,体现了在授权过程中的责任分离原则。
By analyzing the XACML-based RBAC framework and combining with the characteristics of RBAC96 model, this paper points out the shortcomings of the framework that it does not support the restricted model in RBAC96 model. By increasing XACML description for the mutually exclusive roles and cardinality constraints in the framework, this paper improves the framework and ultimately uses it in the GridSphere portal and realizes the principle of separation of responsibility in the authorization process.
出处
《电脑与电信》
2011年第2期55-57,共3页
Computer & Telecommunication
