| Role-Based Access Control is the most important access control technology near more than a decade,it is based MAC( mandatory access control ) and DAC(discretionary access control) .it is characterized through the distribution and the abolition of the role to complete the permission's changes, in order to achieve the separation from users to permissions .Because of role-based access control's many advantages, it has now become the a hot in the access control field of research and has been more extensive research and use.Today, Web services development a lot, showing many characteristics :cross-boundary and large-scale, complex, and so the traditional role-based access control is raised in the context of centralized , in the geographical distribution of the large complex the size of the access control system has revealed its shortcomings,especially in the ubiquitous computing environment ; In addition, under the Web environment, system management job exceptionally complex, totally dependent on the system administrator to participate in all of the authorization system will be seriously aggravated the system management burden, so Web services-oriented system requires a detailed role-type classification method; at the same time, the traditional access control lists's descriptive low and not enough flexibility, and not available be used in large-scale network transmission and so on, can not apply access control system needs. Therefore, we consider how to effectively build a role-based access control model, there is still more questions need to be studied and improved ,and make it is appropriate on Web service system . To this end, we use a standard feature of XACML and its new characteristic to make it is useful in RBAC and in ubiquitous computing environment, according to the required standard XACML optimized and supplements.RBAC has the disadvantage when using Web Services: because of the role is mainly static, it need a high potential management, access control research is now moving in the direction of the development of complex, practical bad; often happen in large-scale enterprise group of organizations and functional changes, always require a large quantity of re-allocation of roles. The cost of the management usually is very expensive. Information systems more and more involved in the many function, more and more complex structure. Such as: In the past, only the "desk show + background information management", and now may need to show the dynamic control of the columns, the distinction between the types of visitors, for different users with different user interfaces.In this paper, the above-mentioned problem of Web-oriented system of role-based access control is studied. Thesis research content and innovation are as follows:1) Multiple leveled Role-Based Access Control concept has been proposed based RBAC model,and proposed the multiple leveled role-based access control model to provide multi-level control of grain size. Protected the information can flow from high level security object to low level security object. 2) Make XACML implemented by SUN company in universal environment.3)Access control in the environment of Pervasive Computing compared to traditional access control, has a very big difference. Access control in the enviroment of Pervasive Computing is a more complex and advanced , access control at the traditional framework, computing and multi-faceted expansion of implementation. Aanalysis of the XACML standard in the special environment make the shortcomings' discovery and it will be improvement, and verified. |
PDF Full Text Request