Application Reasearch On RBAC In EAI

As the rapid prevalence of EAI(Enterprise Application Integrator), protecting enterprise resources becomes more and more important. Traditional access control methods no longer satisfy the needs of today's enterprises. Role-Based Access Control (RBAC), which will lower the burden of authorization management and provide a security policy consistent with the organizing structure of the enterprise, becomes a main method to resolve the safe access control for enterprise global resource.According to the characteristics of EAI and considering the specific requirement of enterprise administration mode, the paper provides a ERBAC model (Enterprise Application Integrator-RBAC)based on the analysis of RBAC96(Role-Based Access Control96) model and ARBAC97 (Administrative Role-Based Access Control97)model.Aiming at how to authorize management right to those who knows the demands of users best, the usage of information most sufficiently and those who most qualified to judge which user needs information manager, a distributed manage method based on organization in ERBAC model is discussed. User management model and role level model based on domain maintenance of ERBAC, and multi-level permission management model are presented. This authorization management model can not only simplify implementation difficulty of ARBAC97, but also diminish the shortage brought by role set and user set's dependence on role level in URA97(User-Role Assignment97)model and PRA97(Permission-Role Assignment97)model. It also accords with administration model and security policy of enterprises.ERBAC model is composed of three parts: system component, database and human-machine interface. System component includes authorization management system, identification authentication server and access control server. Authorization management system adopts distributed architecture and composed of client management console and server authorization server. Identification authentication server provides password authentication and digital certificate authentication. Access control server provides files of user faced access control rule for application systems. Actually, it is a rule file library.ERBAC model materializes the main characteristics of RBAC model, can satisfy application requirement of EAI. The model can commendably realize the universal resource access control in enterprise environment.