Abstract
Permission management and data access control capabilities are hard to extend and reuse when building Internet application system platforms. To address this limitation, the unified NIST-RBAC model is improved by combining it with SAML, and an extended role-based access control model, ExRBAC, is proposed that uses the SAML standard to achieve portable, trust-based role authorization. SAML trusted credentials are used to extend the layer between users and roles, adding a trust hierarchy of roles to strengthen control over access granularity. Layered preprocessing is introduced to reduce the complexity of evaluation at the permission decision point, and, combined with the hierarchical trust roles, it makes the granularity of access authentication more dynamic. Finally, with the open-source portal eXo Platform as the experimental platform, the authorization flow of the model and an application example on a large enterprise portal service platform are presented, verifying the effectiveness of the proposed extended model.
Source
Journal of Northeast Normal University (Natural Science Edition) (《东北师大学报(自然科学版)》)
Indexed in: CAS, CSCD, PKU Core (北大核心)
2014, Issue 1, pp. 60-65 (6 pages)
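Funding
National Natural Science Foundation of China (61075049, 61375121)
National Innovation Fund for Technology-Based Small and Medium-Sized Enterprises (12C26243403509)
Anhui Provincial Natural Science Research Project for Universities (KJ2010B268, KJ2011A268)
Lu'an City Commissioned Industry-University-Research Key Project (2012LWB010, 2012LWA018)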