Abstract
To allow subjects located in different autonomous domains to exchange data and share resources dynamically while preserving privacy, an attribute-based authorization mechanism is proposed. The mechanism relies on a trusted third party or federation center to map the attributes of the subjects and objects located in each organization. The attribute set serves as the representative of the subject, ensuring that the attribute sets of different organizations have consistent access rights. The mechanism gives a cross-domain attribute mapping model and a service strategy, gives the workflow based on the model, and implements authentication and authorization across security domains.
Author
刘其群
Liu Qiqun (Henan Agricultural Vocational College, Zhengzhou, Henan 451450, China)
Source
Computer Era (《计算机时代》)
2018, Issue 9, pp. 14-16, 20 (4 pages in total)
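Funding
Science and Technology Research Project of the Zhengzhou Science and Technology Bureau, Henan Province: "Research on Cross-Domain Authentication and Authorization Mechanisms" (20150279)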
Keywords
privacy
authorization mechanism
federation center
attribute mapping
service strategy