Access control is an important component of information security technology and a basic security service that large-scale distributed systems require. Drawing on the development of a Management System of Bank Electronic Device (DeviceMIS) and on the theory of Role-Based Access Control (RBAC), this paper presents in detail a practical RBAC scheme for distributed application software systems. After comparing the RBAC model with the traditional access control model in the enterprise information system, we design an RBAC scheme for the DeviceMIS because of the advantages the RBAC model shows in that comparison. The RBAC scheme in the DeviceMIS has five parts: user management, role management, authentication, authorization and audit. Distributed role management overcomes the shortcomings of centralized access control, is better suited to the distribution between the centre and the local level, and so strengthens the stability and flexibility of the DeviceMIS. Identity authentication based on X.509v3 certificates, strong restrictions on dynamic authorization, and system audit not only ensure the security of the system as a whole but also lighten the burden on the Web server and improve its capability. Improvements to the related algorithms and data structures reduce both time complexity and space complexity. In particular, the paper describes the development of the DeviceMIS, covering system modeling, function design, database design and optimization, access control scheme design, and the implementation of a 3-tier Client/Server system using object-oriented interface technology, among other aspects. It also gives a general analysis of the multi-class security of the DeviceMIS and proves the feasibility of the RBAC scheme in distributed enterprise information management systems.