Role-Based Access Control And Its Application In University Resource Planning

With RBAC method, the URP system can meet the needs of practical applications in current university digital campus and preferably realize the university information resources access control and then enhance the security of information resources for the university. With the vigorous development of information technology, the university has made significant progress in building digital campus. As an effective solution to the digital campus, University Resource Planning (URP) is widely welcomed by the domestic colleges and universities. Meanwhile, as networks being commonly used, colleges and universities have to face huge challenges brought to management by the issue of security - the traditional method of access control DAC(Discretionary Access Control) and MAC(Mandatory Access Control) has been difficult to meet the complex needs of the college environment. And Role-Based Access Control (RBAC) technology can effectively overcome the shortage of tradition access control technology, and can reduce the complexity of management authority, reduce management costs and provide consistent with the organizational structure of the college security strategy, so it become a hot topic in access control filed and is wildly accepted in practical applications.Based on the detailed analysis of a number of colleges and universities on the present situation and potential security problems and in view of features of URP, this paper chooses a suitable role-based access control method and presented a RBAC solution fit for URP system from the perspective of safety and practicality:(1) Realized the user privileges assigning by binding user information to the user using attribute certificate, which can meet the information security requirements of user roles in information resources access control and provide a basis in Role-based access control for the management.(2) Realized a convenient mechanism for searching and downloading attribute certificate by using an LDAP directory server as a directory server for publishing attribute-certificates and revocation-lists.(3) Realize a communication security guarantee between the Web browser and the Web server, the LDAP server and the Web server by using Secure Socket Layer (SSL), which is to avoid eavesdropping, tampering and forging the information in network requests.RBAC achieved through the URP system, the university system to achieve better...