首页 | 本学科首页   官方微博 | 高级检索  
     

基于角色和任务的工作流访问控制模型
引用本文:邢光林,洪帆.基于角色和任务的工作流访问控制模型[J].计算机工程与应用,2005,41(2):210-213,222.
作者姓名:邢光林  洪帆
作者单位:华中科技大学计算机学院,武汉,430074
摘    要:提出了一个基于角色和任务的工作流访问控制模型,其基本思想是:角色和权限不直接挂钩而是通过任务把角色和权限联系在一起,然后给用户指派合适的角色,用户通过其指派的角色获得可以执行的任务,然后在执行某个任务的某个具体实例时获得该任务所允许访问的客体的权限,更便于权限粒度的控制和管理。在模型的工作流任务规范中加入了时态约束,表示只能在某个时间段内执行该任务,这样可以保证授权有效时间与任务执行时间尽可能同步。在工作流的执行过程中,系统会保存一个授权基,即任务的历史执行信息,根据这些历史执行信息求出有资格执行任务的用户集,从而实现动态职责分离。

关 键 词:角色和任务  工作流访问控制  动态职责分离
文章编号:1002-8331-(2005)02-0210-04

A Workflow Access Control Model Based on Role and Task
Xing Guanglin,Hong Fan.A Workflow Access Control Model Based on Role and Task[J].Computer Engineering and Applications,2005,41(2):210-213,222.
Authors:Xing Guanglin  Hong Fan
Affiliation:Xing Guanglin 1 Hong Fan 2
Abstract:This paper proposes a workflow access control model based on role and task.The basic idea of this model is that roles and permissions are not connected directly but are put together by tasks,this is more convenient for control-ling and managing the granularity of permissions.In the task specification,this paper added periodic time constraint which means that the task can only be executed in the periodic time ,thus ensure that the authorization valid time is synchronized with the execution time as soon as possible.During the execution of the workflow,system keeps an autho-rization base,that is the history execution information of tasks,system can query the eligible users to execute a task ac-cording to these history information,consequently realize the dynamic separation of duties.
Keywords:role and task  workflow access control  dynamic duty separation  
本文献已被 CNKI 维普 万方数据 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号