Study And Implementation Of Access Control Architecture For Extended Enterprise

In order to cooperate in one project, independent enterprises need to share each other's information resources. Security is key for enabling the collaboration between different enterprises. In these years, e-business technologies experienced fast development which provide the basic solution for enterprise cooperation. Due to some technology reasons, lots of Internet-based applications stand-alone and cannot integrate with each other. XML-based Web service has been put forward to solve this problem which provides new standards and infrastructures to e-business development, but the lack of security conventions is a major drawback to existing Web service approaches. Of course, there are lots of aspects of security, but this paper focuses on authorization and authentication measures because information must be secured against unauthorized access, an essential element in B2B transaction.Firstly, the dissertation introduces the techniques of PKI/PMI, and then discusses the current access control measures. Furthermore the thesis analyses the advantage when PMI combines with RBAC.Secondly, the paper discusses the components, functions and standards of Public Key Infrastructure.Thirdly, the thesis introduces the definition, system infrastructure, access control model and attribute certificate of Privilege Management Infrastructure.Finally, based on PKI/PMI and RBAC, the paper proposes an access control infrastructure for extended enterprise including the design purpose, design idea and system structure, and details the access control process based on this infrastructure. Besides, the author designs and realizes the authentication and authorization subsystem of this infrastructure based on the API of Fast Searching project of Hainan Police office, and proposes an authorization policy model. Furthermore, this paper uses API from PERMIS project as the prototype of access control component in this proposed infrastructure. The last part summarizes all the research works and gives some prospect to the further works.