| A General Attribute and Rule Based Role-Based Access Control Model |
| |
| 作者姓名: | 朱一群 李建华 张全海 |
| |
| 作者单位: | Dept. of Electronic Eng. Shanghai Jiaotong Univ.,Dept. of Electronic Eng. Shanghai Jiaotong Univ.,Dept. of Electronic Eng. Shanghai Jiaotong Univ.,Shanghai 200240 China,Shanghai 200240 China,Shanghai 200240 China |
| |
| 摘 要: | Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.
|
A General Attribute and Rule Based Role-Based Access Control Model |
| |
| ZHU Yi-qun,LI Jian-hua,ZHANG Quan-hai,.A General Attribute and Rule Based Role-Based Access Control Model[J].Journal of Shanghai Jiaotong university,2007,12(6):719-724. |
| |
| Authors: | ZHU Yi-qun LI Jian-hua ZHANG Quan-hai |
| |
| Abstract: | Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments. |
| |
| Keywords: | attribute rule user-role assignment role-based access control(RBAC) access policy |
| 本文献已被 CNKI 万方数据 等数据库收录! |
