| 支持多种访问控制方法和策略继承的授权系统 |
| |
| 引用本文: | 龙毅宏,吴硕,唐志红,张海松. 支持多种访问控制方法和策略继承的授权系统[J]. 信息安全与通信保密, 2008, 0(10): 68-70 |
| |
| 作者姓名: | 龙毅宏 吴硕 唐志红 张海松 |
| |
| 作者单位: | [1]武汉理工大学信息工程学院,湖北武汉450070; [2]北京天威诚信电子商务服务有限公司,北京100088 |
| |
| 摘 要: | 分布式计算环境下访问控制技术的一种发展趋势是采用集中式的身份与权限管理,即由一专门的系统为企业、机构的各类计算机系统、应用服务系统提供集中的身份与授权策略管理,但这种集中式的授权管理系统在实际应用中也面临一些技术问题,论文提出了一种集中式的授权系统,它通过Manager-Provider(管理者-提供者)架构支持、扩展多种不同的访问控制方法,基于资源策略树定义可继承的授权策略,并提供面向不同访问控制方法的在线授权决策服务。
|
| 关 键 词: | 访问控制 管理者-提供者架构 授权策略继承 资源策略树 |
An Authorization System with The Support of Multiple Access Control Methods and Policy Inheritance |
| |
| LONG Yi-hong,WU Shuo,Tang Zhi-hong,ZHANG Hai-song. An Authorization System with The Support of Multiple Access Control Methods and Policy Inheritance[J]. China Information Security, 2008, 0(10): 68-70 |
| |
| Authors: | LONG Yi-hong WU Shuo Tang Zhi-hong ZHANG Hai-song |
| |
| Affiliation: | LONG Yi-hong, WU Shuo, Tang Zhi-hong, ZHANG Hai-song (1.Wuhan University of Technology, Wuhan Hubei 430070, China; 2.Truschina Co., Ltd, Beijing 100088, China) |
| |
| Abstract: | The development trend off access control under distributed computing environment is to employ centralized management of identity and right, that is to say, specific system is responsible for providing centralized management of identity and right for various computer systems of enterprises ans organizations.This paper proposes a centralized authorization system, which supports and enables the extension of multiple access control methods through a manager-provider architecture. Furthermore, it defines the inheritable authorization polices based upon a resource-policy tree, and provides online authorization decision service for different access control methods. |
| |
| Keywords: | access control manager-provider architecture authorization policy inheritance resource-policy tree |
| 本文献已被 维普 万方数据 等数据库收录! |
|
