摘要根据继电保护信息系统的特点,本文提出了基于.NET的角色访问控制分布式系统模型架构,着重讨论了其中的数据库设计、身份验证加密票证策略、角色权限检查的具体实现方法、XML Web Service的应用及IIS、ASP.NET的具体配置方案,实现了基于Web服务的安全、通用和高效的访问控制,并给出了应用实例。
2[4]Morris Sloman, Emil Lupu, Imperial College. Security and Management Policy Specification. IEEE Network, 2002, 16(2)
3[5]Adam N R, Atluri Vijayalakshmi, Bertino Elisa. A Content-based Authorization Model for Digital Libraries. IEEE Translation Knowledge and Data Engineering, 2002, 14(2)
4StairRM Reynolds G W 张靖 蒋传海 等译.信息系统原理[M].北京: 机械工业出版社,2000..
5Ferraiolo D F,Barkley J F,Kuhn D R.A Role Based Access Control Model and Reference Implementation Within a Corporate Intranet ACM Transactions on Information Systems Security, 1999-02
6Gavrila S I, Barkley J F. Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management. Third ACM Workshop on Role-based Access Control, 1998
7Sandhu R, Coyne E J,Feinstein H L,et al. Role-based Access Control Models. IEEE Computer, 1996,29(2)
