| 应用数字证书实现基于角色的访问控制 |
| |
| 引用本文: | 孙炜,刘犇. 应用数字证书实现基于角色的访问控制[J]. 北京印刷学院学报, 2005, 13(3): 28-31 |
| |
| 作者姓名: | 孙炜 刘犇 |
| |
| 作者单位: | 北京印刷学院,计算机科学系,北京,102600 |
| |
| 摘 要: | 基于HTTP的Web应用其局限性表现在如下3个方面:1)明文传输信息,不适宜传输敏感信息;2)认证手段太简单;3)没有规范的授权访问模型.设计了一个基于角色的访问控制系统,该系统以PKI体系中的X.509数字证书为基础,能够在客户机与Web服务器之间建立要求双向验证的安全的SSL连接,并根据用户身份授予对服务器的资源访问权限,从而解决了上述问题.
|
| 关 键 词: | x.509数字证书 基于角色的访问控制 |
| 文章编号: | 1004-8626(2005)03-0028-04 |
| 收稿时间: | 2004-12-28 |
| 修稿时间: | 2004-12-28 |
Applying digital certificate to implement the role-based access control |
| |
| SUN Wei,LIU Ben. Applying digital certificate to implement the role-based access control[J]. Journal of Beijing Institute of Graphic Communication, 2005, 13(3): 28-31 |
| |
| Authors: | SUN Wei LIU Ben |
| |
| Abstract: | The pitfalls of Web applications based on HTTP include: 1) transferring plaintext which is unsuitable for critical information; 2) primitive authentication methods do not guarantee security; 3) lack of a formal authorization model. The paper describes a role-based access control system that uses X. 509 certificates as access tokens. When a client requests a connection to the server over SSL, the system would verify both of their certificates. After connections are established, the server grants the clients according to their certificates. The system solves the problems mentioned above. |
| |
| Keywords: | SSL |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
