Research And Application On Privilege Management Infrastructure

With the in-depth network application and expansion,Only verify the identity of users can no longer meet the needs of the security system,the emergence of Privilege management infrastructure further define a legitimate user's operating privilege and the authority to establish the special authorized users authorized set. Privilege Management Infrastructure is an attribute certificate,attribute authority, attribute certificates, and other components constitute the integrated system ,Used to achieve competence and certificate production, management, storage, distribution and functions such as revocation .Privilege Management Infrastructure using attribute certificate to present and accommodate the information of privilege, through manage the life cycle of certificates to achieve competence life cycle management. Attribute certificates'application, issuance , cancellation and the verify process corresponds to the privileges'application, issuance, revocation, the use and verify process.Based on the study of traditional Privilege Management Infrastructure, optimizing the server inquiry of Leightweight directory access protocol of the Privilege Management Infrastructure; Based on the introduction of the role of the Delegation , Greatly reduced the burden on the security administrator ; Increase the user group Description attribute certificates and user group allocation attribute certificate to simplify application management competence ; Adopted the first test the strategy avoids the process of application server requests authorized , Avoid the invalidity verify problem of non-real-time in the existing system. Finally,we describe the details of the strategy ,it's management and access control model in the Privilege Management Infrastructure, describe the probably framework of An improved Privilege management infrastructure.Based on the improved model of Privilege Management Infrastructure, combinate with the Web-related knowledge,describe a joint security authentication authorization system of Privilege Management Infrastructure an Public Key Infrastructure under the WEB,and give a preliminary Safety Analysis and design of the privileges verify Gateway module, the role delegation functional modules, Privilege Management Infrastructure module and Leightweight directory access protocol server module in the improved system. Describe a more flexible and efficient security authentication authorization system.