一种基于RBAC的UCON管理模型

Administrative Model for UCON Based on RBAC

UCON模型作为新一代的访问控制模型,能够通过可变属性对使用实现连续控制,可满足当前开放的网络环境需求。但UCON模型仍存在一些缺陷:不能实现对权限的管理、对权限的委托和对属性来源的管理。为此,在UCON模型的基础上引入角色元素并把角色分为提供者角色和消费者角色,然后把权限分为直接使用权限和需要授权权限,以实现对UCON模型中权限的管理和权限的委托,并通过提供者角色对可变属性的来源进行管理,使UOCN对权限管理更加灵活,属性来源更加可信,从而使UCON的应用范围更加广泛。

UCON is a new generation access control model. It can control usage continually by variable attribute to meet the current demand of open network. But there are still some drawbacks in UCON model, that is to say the authority management, authority delegation and attribute source management can not be achieved. So the role elements are intro- duced and divided into the provider role and the eonsumer role based on the UCON model. Then the authority is divided into the direct usage authority and the authority to be authorized, in order to achieve the management of authority and authority delegation in the UCON model. And through the role of the provider, the management of the source of variable attributes can be achieved, making UOCN more flexible in management of authority and the attribute source more relia- ble, so the application scope of UCON is more extensive.