摘要
针对传统RBAC模型在大型综合集成系统中的权限管理以及访问控制的不足,从授权委托和访问控制的细粒度方面对RBAC模型进行扩充,通过将客体资源按主体的意图以尽量小的粒度分解和设置角色属性以实现细粒度的访问控制,附加时间约束来增强模型对角色、权限、委托等的约束能力,并且引入授权委托机制以及角色组的概念,解决了综合系统授权管理的复杂性和集中性问题.
For improving of permission management and access control in complex integrated system, an extended role-based access control model is proposed which supports delegation and fine-grained aecess control. The model decomposes objects to less granularities by purpose of subjects and defines role attributes to realize fine-grained access control, appends time constrains to strengthen capacity of constraints for roles, permissions and delegation, and introduces delegation mechanism and role groups to solve the complexity and centralization questions of integrated system.
出处
《江西师范大学学报(自然科学版)》
CAS
北大核心
2011年第4期409-413,共5页
Journal of Jiangxi Normal University(Natural Science Edition)
基金
江西省自然科学基金(2008GZS0012)
江西省科技支撑计划重点项目(42108002)资助
关键词
授权委托
时间约束
角色
访问控制
delegation
time constraints
fine-grained
role
access control
