
Design And Implementation Of Access Control Model For Web Application Integration

Posted on: 2006-04-13 | Degree: Master | Type: Thesis
Country: China | Candidate: S Zhang | Full Text: PDF
GTID: 2178360155467462 | Subject: Computer application technology
Abstract/Summary:
Access control is a key technique for implementing secure access in applications, and RBAC (Role-Based Access Control) is more secure and easier to implement, so RBAC has been widely used in applications. However, privileges in RBAC are very abstract, and RBAC has so far remained an abstract model, so how to apply the model to applications is still a complex problem. This paper first analyzes the access control requirements of web applications and then proposes an extended RBAC model: RBAC4WA (RBAC for Web Applications). RBAC4WA extends and defines the objects and operations in RBAC and adds the concepts of nodes and node hierarchy. RBAC4WA also includes other components of RBAC, such as sessions, user-to-role assignment, permission-to-role assignment, role hierarchy, Static Separation of Duties and Dynamic Separation of Duties. We then design and implement a unified access control platform with five components: a database, a management tool, an information management module, a web service interface and a running access control module. The database stores the access control information based on the RBAC4WA model; the C/S-structured management tool and the B/S-structured information management module are used to manage that information; the web service interface provides the data access interface for web applications; and the running access control module, which is embedded in each page of the web application, controls the privileges of user access. Finally, this paper applies the platform to the integration of the student department's projects. The Dormitory Management System and the Student Management Website are integrated into the platform, and a student department portal is also implemented. This paper should serve as a reference for the design and implementation of unified access control in web application integration.
Keywords/Search Tags: Access Control, RBAC, Web Application Integration, Unified Access Control Platform, Web service