
The Research Of Part-Role-Based Delegation Model In Distributed Environment

Posted on: 2006-07-03
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhang
GTID: 2168360155961937
Subject: Software engineering

Abstract/Summary:
The traditional means of authentication and access control lists are not suited to authorization in open, distributed environments. Moreover, management work in distributed systems is onerous, and the burden on system management grows if every authorization needs the participation of a system supervisor. Role-based delegation is an important technology for solving the authorization problem in distributed systems, because it allows authorization to be carried out in a decentralized manner. Recent work on role-based delegation follows two main directions: delegation of the role appointment right and delegation of user rights. However, existing models cannot solve the problem of partial right delegation, and no single model describes the characteristics of both kinds of model. To solve this problem, we studied the following two subjects.

First, we design a part-role-based integrated delegation model named PRIDM05, which includes four kinds of roles: regular role, delegatable role, delegated role and appointive role. The rights that a user may delegate are assigned to the delegatable role, which limits the scope of delegatable rights. Delegated roles are divided into user delegated roles and system delegated roles; the user or the system assigns a subset of the rights of a certain delegatable role to such a delegated role and then delegates it to others. During delegation we use a shield value, a sequence of 0s and 1s, to shield the rights that the user does not want to delegate, and we place a transferability limitation on delegation. The right to assign users to roles is given to the appointive role, so that this role can realize explicit delegation. We also define the concepts of delegation path and delegation graph with tags, as well as three kinds of revocation scheme.

Second, we implement a delegation inference engine based on constraint logic programming. The engine introduces a constraint domain that has been proved to be constraint compact. We allocate a unique identification number to each right of a delegated role and use set constraints to realize the shielding mechanism and the transferability limitation on delegation scope. We also adopt integer constraints to realize the transferability limitation on the delegation path. We define 27 rules for judging part-role-based delegation and revocation. For the inference algorithm of constraint logic programming, we adopt one that possesses the characteristics of both the top-down inference algorithm and the bottom-up inference...
Keywords/Search Tags:Role based access control, Trust management, Delegation, Part role based delegation
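
The shielding and transferability limits described in the abstract, as an added Python example that is not code from the thesis and does not reproduce its constraint-logic engine or its 27 rules. Assumptions: a shield bit of 1 withholds a right, bits follow the rights in ascending ID order, the path limit is a hop counter, and all names (`DELEGATABLE_ROLE`, `Delegation`, `apply_shield`, `delegate`, `path`) are hypothetical.

```python
# Added illustration; names and encodings are assumptions, not PRIDM05's definitions.
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed sample: a delegatable role whose rights carry unique ID numbers.
DELEGATABLE_ROLE = {1: "read_report", 2: "edit_report", 3: "approve_report", 4: "delete_report"}


@dataclass(frozen=True)
class Delegation:
    delegator: str
    delegatee: str
    rights: FrozenSet[int]   # right IDs carried by the delegated role
    hops_left: int           # remaining re-delegation steps on this path
    parent: Optional["Delegation"] = None


def apply_shield(rights, shield):
    """Drop rights whose shield bit is '1' (assumed: 1 = withheld, 0 = passed on)."""
    ordered = sorted(rights)
    if len(shield) != len(ordered) or set(shield) - {"0", "1"}:
        raise ValueError("shield must be a 0/1 string with one bit per right")
    return frozenset(r for r, bit in zip(ordered, shield) if bit == "0")


def delegate(source, delegator, delegatee, shield, hops=0):
    """Delegate from a delegatable role (dict) or re-delegate an earlier Delegation."""
    if isinstance(source, Delegation):
        if source.delegatee != delegator:
            raise PermissionError("delegator does not hold this delegated role")
        if source.hops_left < 1:
            raise PermissionError("transferability limit on the path is exhausted")
        # Integer constraint: the hop budget strictly decreases along the path.
        held, parent = source.rights, source
        hops_left = max(0, min(hops, source.hops_left - 1))
    else:
        held, parent, hops_left = frozenset(source), None, max(0, hops)
    # Set constraint: the shielded result is always a subset of what was held.
    return Delegation(delegator, delegatee, apply_shield(held, shield), hops_left, parent)


def path(d):
    """Delegation path from the original delegator to the final delegatee."""
    names = [d.delegatee]
    while d is not None:
        names.append(d.delegator)
        d = d.parent
    return list(reversed(names))
```
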