一种统一授权和访问控制模型的设计实现

企业信息平台(EIP)是一个基于企业模型的平台,目标是为了实现模型驱动的企业设计、分析和评价。EIP的目标之一就是建立一个可以容易地实现不同系统集成的架构,如:政府和其他企业中过程、结构、任务、目标和信息等的集成。论文的重点不是EIP中数据的集成,也不是应用的集成,而是授权的集成,主要针对的是EIP中工作流管理和资源管理中的授权集成问题。在现有的EIP系统中,工作流管理和资源管理一般都有各自独立的授权和访问控制模块,这种非一体化的授权方法容易引发多种安全问题。而先前的研究大都集中在单独的授权系统上,对它们的集成很少有讨论。论文提出了一种统一的授权和访问控制模型,可以以一种统一的策略来表示处理EIP系统中的各种授权和访问控制,解决了分散授权模型带来的一些安全问题,较好地实现了授权的集成。

A Unified Model of Authorization and Access Control in Enterprise Information Platform

Enterprise information platform(EIP)is an enterprise model-based platform,aiming at model-driven enterprise design,analysis and evaluation.Its one role is to build up a framework for the easy integration of different systems rep-resenting the processes,structures,activities,goals and information,etc of businesses,governments or other enterprises.The topic of this paper is not data integration or application integration of EIP,but integration of authorization.This paper fo-cuses on integration of authorizations of workflow management system and resource management system of EIP.Workflow management and resource management of current EIPs usually have their own models of authorization and access con-trol.This type of separate authorization and access control mechanism causes many security problems.Previous studies fo-cus on each authorization system individually,but the integration of them has hardly been deeply discussed.Here the paper presents a unified authorization and access control model,so as to represent the privileges authorized by different systems in the same format,and to avoid conflicts and other security problems as the consequence.