Role-Based Access Control Models In E-Government

With the rapid development of network technology and fargoing use of Internet, more e-government systems based on Internet and are getting larger. Meanwhile, the problem of access control and data security in e-government systems is arising.It is complex and anfractuous that how to make access control efficient in e-government system, especially in enterprise system, because the amount of user and resource is very large and administrators have to establish detail access control lists for each user, workload is large, inefficient and frequent errors. Access control is also important to prevent inner information is awlessly obtained, modified and destroyed and to prevent the system is unauthorized use. Therefore to design a stable, efficient access control prolicy not only can decrease the workload and mistake, elevate the efficiecy but also can insure the Confidentiality, Integrity and Availability (C.I.A) of data and service.From the view of application, this thesis putting the Role-Based Access Control Models (RBAC) in depath research. The concept of role in RBAC can solve problem of traditional access control policy easily. But now the hackneyed application of RBAC is restricted within LAN for the inner users such as MIS, it is infrequent in enterprise e-government system which is based Internet, includes multi-organization, multi-type user, and the application of RBAC is also immature, and the RBAC also has the problem in practice that it is not flexible enough in manage access control.To solve these problems, this thesis is based on an illustrational e-government system Project, think over the character of government administration and modern e-government include big numbers of user and user's type, complex relationship among users, expands the common RBAC model, the new model makes the access control more convenient and flexible, the design and development of RBAC component based on the new model, this thesis gives the detail design and implementation scheme of the component, and the support for single-sign-on, at last gives the test for the component. This thesis implements illustrational system base on the expanded model successfully. It proves the exactness and feasibility of the expanded model. The design and implementation scheme also has referenced value for access control design of e-government systems and other information systems especially enterprise systems.