Research Of PMI Based Authorization Management System In Common Data Security Platform

With the rapid development of computer and communication technologies, vast amount of sensitive information are being exchanged through public communication infrastructures or computer networks, especially with the widely use of the Internet, E-commerce applications and rapid development of electronic government applications, more and more private information need to be secured. Such as, bank account number, personal private information etc. Due to the demand for information security and authenticity, crypology is gradually becoming part of our daily life. We call this phenomenon as Information Security.With the rapid growth of personal information and personal awareness, information security is gradually gaining more and more attention, therefore, a common and reliable secured platform provides an excellent development platform no only for providing security user with security authentification, security decision, security services features, at the same time, authorization management and access control are also part of the common security platform.As the information security market getting more mature, people's interest and knowledge for access control products are gradually increasing, this in term demonstrates the bright outlook for PMI based authorized management infrastructure application. PMI based authorized management infrastructure application can effectively increases system security, reduces the chaos caused by multiple privilege management model, lower application system development cost, increases enterprise efficiency.The general data security platform CDSP that's being discuss in this article emphasis on the CDSA architecture introduced by Intel corporation, based on Intel's foundation at the same time referenced the KeyOne identity authentication and authorization system from Keyone corporation, and imported PMI based authorization management system in security platform. It is mainly construct on the PKI foundation, with goal of providing access control management and authorization service for users and applicationsystems, responsible for providing authorization service management to service application system, providing user identity and application authorization mirroring features, achieving the access control mechanism that is corresponding to the actual application processing model, and does not related to actual application system development and management, therefore greatly simplified the development and maintenance of access control and privilege management system, and reduce management cost and complexity. This paper, will discuss the design compostion of PMI(Privilege Management Infrastructure) based authorization management framework, implementaion of using attribute certificates for access cotrol and actual application of PMI based authorization management framework.