With the development of networks and the growing number of network applications, network security has become an increasingly important problem. To protect network security, we must provide and distinguish identity information and authorization information for users. PKI has become the common security support system for most network applications, such as e-commerce. PKI records people's identities and privileges in public key certificates, providing an efficient way to authenticate identity and establishing a basis for enforcing access control over the network. However, in a PKI system the contradiction between a permanent authenticated identity and changeable authorization becomes more and more evident; therefore the concept of PMI (Privilege Management Infrastructure) was introduced in the X.509v4 standard in 2000. PMI separates out the privilege management function of X.509v3 and, building on PKI, offers a stricter, more convenient and more efficient access mechanism, realizing a privilege management system. The research and implementation of PMI are still at the validation stage, and no standards have been published. Research on PMI is only beginning in our country, and developing our own PMI products by researching this technology cannot be delayed. The paper first introduces the basic framework of PMI and access control technology, analyzing the role-based access control model in particular detail. By analyzing some successful PMI projects, the paper proposes a design for a PMI prototype and implements the prototype, which is based on the role-based access control model. The PMI prototype consists of three components: an attribute certificate management module, an access control module and a system management module.
The paper describes the design and implementation of the three modules in detail. The work was carried out while research on PMI is only beginning in our country, so it may be helpful to further research and application in this area.