RBAC模型的扩充及其应用

RBAC（Role Based Access Control）是一种被广泛认可的信息系统访问安全规范管理模型，但RBAC访问安全规范模型如何与组织系统的业务过程规范模型融合，从而更有效地服务于可信业务协同系统的开发实践还值得进一步研究改进。在RBAC模型的基础上，融合协同业务规范中的义务及奖惩元素，提出RBAO（Role Based Access and Obligation）模型。RBAO模型不仅能描述角色在组织中可拥有的访问权力，还能描述角色在组织中可能要承担的义务及义务违反时将受到的处罚。这使得RBAO模型更适合用于组织可信规范业务协同系统的管理建模与开发。以具体实例说明了基于RBAO模型的可信业务协同系统管理的分析与建模方法。

RBAC extension and its application

RBAC(Role Based Access Control) is a widely accepted model suitable for access control of organizational information system.However there is still a gap need to be filled whenever considering practical application of RBAC in development of trustable organizational system,especially in combination of organizational business collaborative model with RBAC.Based on RBAC model,elements of obligation and reward/sanction in business collaborative model are proposed to extend RBAC to a new model called RBAO(Role Based Access and Obligation).RBAO specifies not only the authorizations of roles in an organization,but also their obligations and associated sanctions or rewards in collaborative business.RBAO is more applicable in trustable business collaborative system development comparing with RBAC.The analysis and modeling process of using RBAO in trustable collaborative business system development is illustrated through a case study.