
Study On Resources Sharing Under Different Access Strategy Of PMI System

Posted on: 2008-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhao
Full Text: PDF
GTID: 2178360212493684
Subject: Computer application technology
Abstract/Summary:
With the coming of the information age, network security has drawn wide attention. Public Key Infrastructures (PKI) are considered the core and foundation of network security, ensuring the security of transmission and exchange in electronic commerce and government affairs. As the kinds of resources become more and more abundant and users' roles more and more complex, a fine-grained access control technology is strongly needed. In traditional PKIs, identity and privilege are not separated. If a person has many roles and holds many privileges, he may hold many PKCs. This is good neither for the system's development and reuse nor for its safe and convenient administration. Privilege Management Infrastructure (PMI) emerged in response, and it has become a hot research direction in the information security field. However, the lack of a standard for privilege policy and inefficiency are the main problems.

The Lightweight Directory Access Protocol (LDAP) is used to access X.500 directories without incurring the resource requirements of the Directory Access Protocol (DAP). LDAP is aimed at simple management programs and browser programs, giving them simple interactive read/write access to the X.500 directory. It is also intended as a complement to DAP itself. LDAP adopts a general model in which clients perform protocol operations against servers. In this model, the client sends the server a protocol request describing the operation to be performed. The server then performs the operation on the directory and, once it is complete, returns a result or an error to the requesting client. Versions 1 and 2 of LDAP did not specify how a protocol server returns references to other servers to the client. To improve performance and distribute operations, LDAP version 3 permits a server to return references to other servers to the client. In this way, the server's work of contacting other servers is reduced and performance is improved.

Access control is a defensive measure against the unauthorized use of resources. Its basic goal is to limit the access privileges of access subjects (clients, processes, services, etc.) to access objects (documents, systems, etc.), so that the computer system is used legitimately. It also determines what a program can do. Enterprises use three access control strategies: discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). However, DAC is too weak and MAC is too strong, and both are too complex to manage conveniently. Nowadays RBAC is regarded as an effective way to solve the problem of how an enterprise accesses and controls its resources. It has two notable characteristics: 1. it reduces the complexity and cost of authorization management; 2. it flexibly supports the enterprise's security strategy and adapts well to changes in the enterprise.

This thesis introduces PMI, LDAP and RBAC, then analyzes their features, advantages and current state: most applications focus on RBAC, and there is little study of different access strategies. It describes how a PMI system shares resources using LDAP. Based on these three technologies, it puts forward a scheme for resource sharing between security departments and common departments. The scheme introduces the privilege tree and the Single Branch Tree for large PMI systems. The Single Branch Tree is aimed at emergencies, and efficiency is improved by creating and adjusting Single Branch Trees. Through an analysis of users and roles, the thesis puts forward the "empty role" for PMI systems that apply a user-based access strategy, and explains how to create and apply it through authentication against both sides' LDAP. Applying this technology to PMI systems that adopt different access strategies lets them cooperate safely without either side changing its strategy.

Through further analysis and a simulated implementation aimed at applications that require a higher level of security, this thesis applies the technology to PMI systems that adopt different access strategies, so that such systems can share resources more safely and conveniently, and then work jointly and develop projects.
Keywords/Search Tags: RBAC, LDAP, PMI