| Information in today's opening network environment is often managed and used by a diverse, often dynamic, population of users, with resources distributed across many separate networks. This situation demands that the identities and access privileges of users and administrators are managed in a trusted manner. To solve the problem, two innovative technologies have recently evolved. They are Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI). Nowadays more and more enterprises take Role Based Access Control (RBAC) as their access control model. It manages net resource by attribute certificate (AC) signature by PMI based on PKI.This paper systematically described RBAC , forward secure digital signature, AC, the principle of PMI. Then we present a systematic model of PMI based on RBAC. The AC is the tool that manages the role and privilege. While the SOA or AA carries on a signature to the AC with the forward secure digital signature, Although we lost the private key of the AA and SOA. The system of the loss reduced to the lowest. The RBAC uses the concept of the role ,the role assignment certificate and the role specific certificate to simplify the management of the systems, make the access control more clear and the assignment easier, reduce the management's burden, make that system become general and standard. When verifying privilege, the most difficulty is searching right AC in the AC data base, which used for searching right user, role, privilege in theca database, in order to decide whether visitors have the privilege of accessing resource. To increase the speed of verifying and system capability, we adopt cache of RBAC which greatly increases system reflect_ speed. The paper also puts forward the application environment and the relative standard of this system. |
PDF Full Text Request