| 分布式服务共享的访问控制技术 |
| |
| 引用本文: | 梁策,肖田元,张林骀. 分布式服务共享的访问控制技术[J]. 计算机集成制造系统, 2007, 13(3): 527-532 |
| |
| 作者姓名: | 梁策 肖田元 张林骀 |
| |
| 作者单位: | 清华大学,自动化系国家CIMS工程研究中心,北京,100084;清华大学,自动化系国家CIMS工程研究中心,北京,100084;清华大学,自动化系国家CIMS工程研究中心,北京,100084 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 为实现服务共享,需要在异构访问控制模型之间建立分布式的访问控制机制.以ARBAC97访问控制模型为基础,引入代理系统,在不同的访问控制架构之间,建立分布式角色定义框架,给出了构建与共享服务相关的代理角色的方法,提供代理管理角色完整性的验证工具,从而避免了权限泄漏,细化了授权粒度,解决了分布式角色系统工程中的管理问题.最后,讨论了代理系统的实现机制,并在网络化制造服务平台集成中得到应用.
|
| 关 键 词: | 访问控制 服务共享 代理系统 代理角色验证 |
| 文章编号: | 1006-5911(2007)03-0527-06 |
| 收稿时间: | 2006-03-28 |
| 修稿时间: | 2006-05-16 |
Access control model in distributed service sharing |
| |
| LIANG Ce,XIAO Tian-yuan,ZHANG Lin-xuan. Access control model in distributed service sharing[J]. Computer Integrated Manufacturing Systems, 2007, 13(3): 527-532 |
| |
| Authors: | LIANG Ce XIAO Tian-yuan ZHANG Lin-xuan |
| |
| Affiliation: | National CIMS Eng. Research Cent. , Dep. of Automation, Tsinghua Univ. , Beijing 100084, China |
| |
| Abstract: | To realize service sharing,an access control mechanism was needed for heterogeneous access control models.Based on Administrator Role Based Access Control Model(ARBAC97),Agent system was introduced,and distributed role definition framework for different access control architectures was constructed.Approaches to construct the delegation roles associated with specified shared services and verification tool for integrity of delegation administrative role were presented.This method avoided the privilege leakage,improved authorization granularity and facilitated the management of shared services.The architecture and implementation mechanism of delegation access control model were discussed and applied in networked manufacturing service platforms integration. |
| |
| Keywords: | access control service sharing Agent system delegation role verification |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
