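Abstract
Current role-based access control systems rely entirely on centralized management by administrators and cannot meet the needs of system management in distributed environments; role-based delegation models are better suited to authorization management in such environments. However, existing research on delegation models is limited to delegation and revocation of regular roles, and does not discuss in detail the mechanisms for time-limited delegation and revocation. This paper introduces the time factor into the delegation model; the resulting model, extended on the basis of research on role-based administration models, is called the Temporal Role-based Delegation and Revocation Model (TRDRM). While supporting delegation and revocation of regular roles, TRDRM also supports delegation and revocation of administrative roles. It is an effective combination of centralized and distributed management and meets the needs of collaborative work.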
Role-based Access Control (RBAC) is an enabling technology for managing and enforcing security in large-scale and enterprise-wide systems. Researchers have proposed many enhancements of RBAC models in the past decade, and delegation is an important factor in secure distributed computing environments. Delegation models with capabilities to process temporal information are powerful. RDM (Role-based Delegation Model) and TRDM (Temporal Role-based Delegation Model) are recently published delegation models focused on regular role delegation. This paper presents a Temporal Role-based Delegation and Revocation Model, called TRDRM, based on both RDM and TRDM. TRDRM not only supports regular role delegation and revocation, but also supports administrative role delegation and revocation. It is an effective way to build a bridge between central management and distributed management. A prototype implementation of TRDRM is presented in the last part of this paper. It is the first step toward incorporating TRDRM into Collaborative Work Platform Systems.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journal
2006, Issue A01, pp. 11-15 (5 pages)
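Funding
Projects funded by the National Natural Science Foundation of China (60373081, 60673135)
Projects funded by the Guangdong Province Science and Technology Fund (04105503, 05200302, 5003348)
Project funded by the Ministry of Education "New Century Excellent Talents Support Program"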
Keywords
access control
delegation
temporal
administrative role