基于任务和角色的双重Web访问控制模型

互联网／内联网和相关技术的迅速发展为开发和使用基于Web的大规模分布式应用提供了前所未有的机遇，企业级用户对基于Web的应用(Web-based application，WBA)依赖程度越来越高．访问控制作为一种实现信息安全的有效措施，在WBA的安全中起着重要作用．但目前用来实现WBA安全的访问控制技术大多是基于单个用户管理的，不能很好地适应企业级用户的安全需求．因此提出了基于任务和角色的双重Web访问控制模型(task and role-based access control model for Web，TRBAC)，它能够满足大规模应用环境的Web访问控制需求．并对如何在Web上实现TRBAC模型进行了探讨，提供了建议．同时，应用TRBAC模型实现了电子政务系统中网上公文流转系统的访问控制．

A Task and Role-Based Access Control Model for Web

The rapid proliferation of the Internet/Intranet and the cost effective growth of its key enabling technologies are creating unprecedented opportunities for developing large scale Web based distributed applications It has led to continued reliance on Web based applications (WBA) for enterprise wide computing At the same time, there is a growing concern over the security of WBA As an effective measure to achieve information security, access control is important in WBA security However, current approaches to access control on WBA are mostly based on individual user identity; hence they do not scale to enterprise wide systems In this paper, a new access control mechanism called TRBAC(task and role based access control model for Web,TRBAC) is presented The TRBAC model can meet the need to manage and enforce the strong and efficient access control technology in large scale Web environments The implementation of TRBAC on the Web is also illustrated Finally, the Web application adopting the TRBAC model, called E Government Official Document Flow & Processing System, is given to demonstrate the feasibility