
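Design and Implementation of a PMI Authorization Management System
Cite this article: ZHOU Yan-ping, CUI Yan-jun. Design and Implementation of a PMI Authorization Management System [J]. Microcomputer Development, 2012(1): 228-232.
Authors: ZHOU Yan-ping, CUI Yan-jun
Affiliation: Hebei Information Security Authentication Engineering Research Center, Institute of Applied Mathematics, Hebei Academy of Sciences, Shijiazhuang, Hebei 050081
Abstract: Enterprise security applications face several problems: resource information must be shared, users and service resources that cross organizational boundaries may be adjusted at any time, security policies contain many kinds of security attributes, and the auxiliary factors in privilege decisions keep changing. The PMI authorization management system introduced in this paper offers a feasible solution to these problems. The system combines GB/T 16264.8-2005 and ISO/IEC 9594-8 (2005), follows the X.509 protocol for attribute certificates, uses an improved RBAC model to build the authorization mechanism, and stores the various kinds of privilege information in an LDAP database and in attribute certificates. Application results show that the system separates the access control mechanism from the development and management of specific applications, which not only hides the complexity of the security technology but also gives the system strong flexibility, adaptability and extensibility. The paper presents the overall system design, the authorization architecture and access control model, and the LDAP database design.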

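Keywords: privilege management infrastructure / public key infrastructure; Lightweight Directory Access Protocol; authorization management; authorization architecture; access control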

Design and Implementation for Authorization Management System Based on PMI
ZHOU Yan-ping, CUI Yan-jun. Design and Implementation for Authorization Management System Based on PMI [J]. Microcomputer Development, 2012(1): 228-232.
Authors: ZHOU Yan-ping, CUI Yan-jun
Affiliation: Hebei Information Security Authentication Engineering Research Center, Institute of Applied Mathematics, Hebei Academy of Sciences, Shijiazhuang 050081, China
Abstract: Enterprise applications face the following security problems: the sharing of resource information, the adjustment of users and services across organizational boundaries, the large variety of attributes in security policies, and the variability of the factors that support privilege decisions. This paper introduces a practical authorization management system based on PMI. It combines GB/T 16264.8-2005 and ISO/IEC 9594-8 (2005) and follows the X.509 attribute certificate protocol. Using an improved RBAC model, it stores the authorization information in LDAP and in attribute certificates, isolating the access control model from the applications. It hides the complexity of the security technology and ensures the flexibility, adaptability and scalability of the system. The design of the system, the authorization model, the access control model and the LDAP database are also given in the paper.
Keywords: PKI/PMI; LDAP; privilege management; authorized system; access control
This article is indexed by VIP (维普) and other databases.