Study On Distributed Delegation And Access Control Based On The DIS

Posted on: 2008-10-03
Degree: Master
Type: Thesis
Country: China
Candidate: X L Ceng
GTID: 2178360215458698
Subject: Computer application technology

Abstract/Summary:
With the recent development of network technologies, access control and privilege management in distributed environments, one of the most important areas of information security, have developed rapidly. Public key infrastructure (PKI) provides identity authentication, data confidentiality and data integrity. It can answer the question "who am I", but it cannot answer the question "what can I do". Therefore, a more advanced technology is needed. Privilege Management Infrastructure (PMI), a new technology and a good complement to PKI, can provide strong authorization. It has been introduced to support access control and privilege management, together with Role Based Access Control (RBAC) and Attribute Certificates (ACs). Together they work very well.

This paper analyses PMI, AC and access control technologies, and studies the DIS (Delegation Issuing Service), which is a component of the PERMIS PMI project. The advantages and disadvantages of existing delegation technologies in the distributed environment are then analyzed. The DIS is extended for use in the distributed environment, and a distributed delegation framework based on the DIS is proposed. Within this framework, the operation flows for distributed delegation and access control are analyzed, and the advantages of DIS-based delegation in the distributed environment are summarized.

Finally, a delegation model based on the DIS is designed between a province library and a university library. This paper analyses the existing policy, which is described in XML, and then designs an access control policy suitable for use in the distributed environment. Two types of ACs are issued: policy ACs and role ACs. Communication between the user and the DIS is implemented as a three-tiered model via an Apache web server. The DIS can issue ACs on behalf of other AAs. To implement access control, some of the main classes and functions within the PERMIS PMI API are analyzed.
Keywords/Search Tags: PMI, RBAC, Access Control, Delegation, AC