Excerpt from the paper
The task-role-based access control (T-RBAC) model cannot meet the access authorization requirements that arise when the context of subjects and objects changes, and it considers only part of the workflow context information, such as task execution sequences and mutually exclusive tasks. To address these problems, this paper extends T-RBAC and proposes a dynamic, context-aware access control model. The model retains the original T-RBAC's support for role hierarchies and its task-driven nature, introduces context, and associates that context with the subjects and tasks in the model. The extended model takes full account of the physical environment of the subject and the object at task execution time and can dynamically activate the subject's relevant roles and permissions. Within the workflow context established by the business process, it supports permission-level separation of duty and task-instance-level dynamic separation of duty. Depending on whether a task is active or passive, it implements dynamic authorization using active sessions or passive sessions, respectively.