| 基于委托的分布式动态授权策略 |
| |
| 引用本文: | 张润莲,武小年,董小社. 基于委托的分布式动态授权策略[J]. 计算机应用, 2008, 28(6): 1365-1368 |
| |
| 作者姓名: | 张润莲 武小年 董小社 |
| |
| 作者单位: | 西安交通大学,电子与信息工程学院,西安,710049;桂林电子科技大学,信息与通信学院,广西,桂林,541004;桂林电子科技大学,信息与通信学院,广西,桂林,541004;现代通信国家重点实验室,成都,610041;西安交通大学,电子与信息工程学院,西安,710049 |
| |
| 基金项目: | 国家自然科学基金 , 国家高技术研究发展计划(863计划) , 国家重点实验室基金 |
| |
| 摘 要: | 针对分布式协作环境中的授权问题,基于委托模型和RBAC模型,提出一种基于委托的分布式动态授权策略。通过扩展RBAC模型的元素集和静态授权操作,并由委托者动态创建临时委托角色和委托授权,支持“部分角色转授权”。系统授权采用三级层次结构实现,并给出了动态委托授权过程。系统实现及应用表明了其能够适应分布协作环境下的分布动态授权需求,遵循“最小特权”原则。
|
| 关 键 词: | 访问控制 委托授权 角色访问控制 公钥基础设施 特权管理基础设施 |
| 文章编号: | 1001-9081(2008)06-1365-04 |
| 收稿时间: | 2007-12-25 |
| 修稿时间: | 2007-12-25 |
Dynamic authorization scheme based on delegation in distributed system |
| |
| ZHANG Run-lian,WU Xiao-nian,DONG Xiao-she. Dynamic authorization scheme based on delegation in distributed system[J]. Journal of Computer Applications, 2008, 28(6): 1365-1368 |
| |
| Authors: | ZHANG Run-lian WU Xiao-nian DONG Xiao-she |
| |
| Affiliation: | ZHANG Run-lian1,2,WU Xiao-nian2,3,DONG Xiao-she11.School of Electronic , Information Engineering,Xi'an Jiaotong University,Xi'an Shaanxi 710049,China,2.School of Information , Communication,Guilin University of Electronic Technology,Guilin Guangxi 541004,3.National Laboratory for Modern Communication,Chengdu Sichuan 610041 |
| |
| Abstract: | Concerning the authority in distributed environment for collaboration, a dynamic authorization scheme was presented based on delegation and RBAC model. The scheme supports partial role delegation, by expanding element sets of RBAC model, enlarging static authorization operations, and allowing the delegator to create temporary delegation roles and assign others (the delegatee) to the particular roles. The scheme was implemented by three-level frameworks, and the operating process about how to authorize dynamically in delegation model was described. The application shows that the scheme can adapt to distributed and dynamic environment, and follow the least privilege principle. |
| |
| Keywords: | access control delegation Role-Based Access Control (RBAC) Public Key Infrastructure (PKI) Privilege Management Infrastructure (PMI) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
