Research Of Organization Based Access Control Model For Electronic Government System

Posted on: 2010-12-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H M Li
GTID: 1118360302460487
Subject: Management Science and Engineering

Abstract/Summary:
With the progress of e-government, the rapid development of information technology and the continued expansion of networks, government information systems have evolved from single, small-scale systems into large-scale, multi-application, distributed, clustered, complex systems, and their complexity keeps growing. During the construction and integration of these systems, authority management largely determines the resource assignment pattern, the business logic relations and the style of system integration. How to manage authority efficiently, rigorously and practically is therefore the key to system construction and integration, and it is currently a very important issue at home and abroad.

Current security certification and authority systems approach security problems from a technical standpoint and offer corresponding technical solutions. They lack ideas that focus on people and center on the organization from a management perspective, and they lack deeper study of business systems, especially complex government systems whose procedures are complex, whose management is difficult and whose management workload is large. Security certification and business collaboration cannot be implemented across different organizations and different business systems without the support of an organization and authority management system that is separated from the business systems. These problems have restricted the development of e-government in our country.

In recent years role-based access control (RBAC) has attracted considerable interest. In RBAC, roles are defined based on operations, permissions are associated with roles, and assigning roles to users gives users access to the related resources. This indirect association between users and permissions greatly simplifies user permission management. But when the number of roles and permissions is very large, RBAC performance may degrade and its management becomes complex. The cause of these problems is that RBAC does not adapt to the number of roles and permissions. Directly applying RBAC to applications involving a large number of organizations can result in a large number of roles and permissions due to local variations and privacy concerns.

To solve the problem of complex government information organization and access control, this paper proposes the Organization-Based 4 Level Access Control model (OB4LAC). OB4LAC focuses on people, is based on management and centers on the organization, and it studies complex government information organization and access control from the perspectives of organization, society and management. It can solve the problem that management complexity in RBAC increases tremendously as the number of roles and permissions increases. It can manage authority effectively in accordance with management science, keeping management, business and technology consistent. It can combine the information security techniques of certification, authority and audit with organization management, providing a security basis for collaboration across multi-level, multi-department, multi-system government.

The expressive power of OB4LAC is discussed by showing that any given OB4LAC model can be modeled by an RBAC model and vice versa; it is proved that the expressive power of OB4LAC is equal to that of traditional RBAC.

AOB4LAC is proposed to manage the assignment relations among users, posts, roles and permissions, as well as the hierarchies among posts and among roles. It has five sub-models:

- UROA, used to manage assignment relations from users to roles and posts;
- PRA, used to manage assignment relations from permissions to roles;
- RRA, used to manage hierarchies among roles;
- OOA, used to manage hierarchies among posts;
- ROA, used to manage assignment relations between roles and posts.

The AOB4LAC model achieves distributed access control and authority management for OB4LAC-based systems. The role segmentation method for business-based application systems in OB4LAC is discussed. The model has management adaptability for multi-organization, OB4LAC-based systems.

A cooperation-oriented OB4LAC (OB4LAC~C) is presented. The usefulness of OB4LAC~C is demonstrated in secure collaboration via an OB4LAC~C based secure collaboration schema, which avoids many problems resulting from role mapping, role translation or role exporting.

The implementation of OB4LAC in e-government systems is discussed with respect to the architecture of the organization and access control system, the functional design of organization and personnel management, resource and role management, and distributed authorization management. The scientific soundness and feasibility of OB4LAC are then proved by a practical application system.
Keywords/Search Tags: Electronic Government System, Organization, Access Control, OB4LAC, RBAC
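As an added illustration (not code from the dissertation), the sketch below models the assignment relations the abstract names (UROA, ROA, PRA, RRA, OOA) and compiles them into a flat user-role and role-permission view, which is the OB4LAC-to-RBAC direction of the expressive-power claim. The inheritance semantics, the class and method names and the sample data are assumptions, since the abstract does not define them.

```python
from collections import defaultdict  # added illustration; semantics below are assumed

class OB4LAC:
    def __init__(self):
        self.user_posts = defaultdict(set)    # UROA: user -> posts
        self.user_roles = defaultdict(set)    # UROA: user -> roles assigned directly
        self.post_roles = defaultdict(set)    # ROA:  post -> roles
        self.role_perms = defaultdict(set)    # PRA:  role -> permissions
        self.role_juniors = defaultdict(set)  # RRA:  role -> junior roles (assumed inherited)
        self.post_juniors = defaultdict(set)  # OOA:  post -> junior posts (assumed inherited)

    @staticmethod
    def _closure(start, edges):
        """Every node reachable from `start`, inclusive; tolerates cycles."""
        seen, stack = set(), list(start)
        while stack:
            node = stack.pop()
            if node not in seen:
                seen.add(node)
                stack.extend(edges.get(node, ()))
        return seen

    def roles_of(self, user):
        posts = self._closure(self.user_posts.get(user, ()), self.post_juniors)
        roles = set(self.user_roles.get(user, ()))
        roles.update(*(self.post_roles.get(p, ()) for p in posts))
        return self._closure(roles, self.role_juniors)

    def permissions(self, user):
        return {p for r in self.roles_of(user) for p in self.role_perms.get(r, ())}

    def flatten_to_rbac(self):
        """Plain RBAC view: (user -> roles, role -> permissions), posts compiled away."""
        ua = {u: self.roles_of(u) for u in set(self.user_posts) | set(self.user_roles)}
        pa = {r: set(self.role_perms.get(r, ())) for rs in ua.values() for r in rs}
        return ua, pa

def build_sample():  # constructed data: two city offices share one set of roles
    m = OB4LAC()
    m.role_perms["case_clerk"] |= {"case:read", "case:create"}
    m.role_perms["case_reviewer"] |= {"case:approve"}
    m.role_juniors["case_reviewer"].add("case_clerk")
    m.post_roles["cityA/permits/director"].add("case_reviewer")
    m.post_roles["cityB/permits/clerk"].add("case_clerk")
    m.post_juniors["cityB/bureau/chief"].add("cityB/permits/clerk")
    m.user_posts["li"].add("cityA/permits/director")
    m.user_posts["wang"].add("cityB/permits/clerk")
    m.user_posts["zhao"].add("cityB/bureau/chief")
    return m
```

Both offices reuse the same two roles through their own posts, so adding an organization adds posts rather than per-organization role variants.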