基于角色映射的跨平台授权研究

为解决网络化制造平台联邦集成中的跨平台授权问题,提出了一种基于角色映射的跨平台授权方式.独立自治的管理域之间通过角色映射,建立起合同性质的授权关系,并讨论了集成系统信任模型和跨平台访问控制过程.针对基于角色的访问控制模型,定义了包括四种映射关系和三种授权关系的形式化授权模型.为保证跨管理域授权的安全性和角色映射的合理性,提出了基于合同约束、静态约束和动态约束的风险控制机制.最后给出了集成系统授权服务器的体系结构及应用示例.

Cross-platform authorization based on role-mapping

A role-mapping-based authorization method was presented to solve authorization problems across autonomous systems for the decentralized federate integration of networked manufacturing platforms.Independent autonomous domains established contractual authorization relationships with each other by setting role-mapping rules.The integration system's trust model and the across-domain access control processes were also discussed.A formal authorization model,including four mapping relations and three authorization manners,was defined based on the role-based access control model.To ensure authorization safety across autonomous administration domains and rationality of role-mapping,a risk-control mechanism was proposed based on contractual constraints,static constraints and dynamic constraints.Architecture of the authorization server and an application example were presented to illustrate working process of the role-mapping-based authorization method.