Application Research And Implementation Of Access Control Policy

Posted on: 2009-03-15
Degree: Master
Type: Thesis
Country: China
Candidate: S Qu
Full Text: PDF
GTID: 2178360272974842
Subject: Software engineering
Abstract/Summary:
With the penetration of IT into enterprises, the security of information systems has become an issue of great importance. One threat to information security comes from deficiencies in the access control administration functions of the application software used in enterprises. Access control, as a crucial part of permission security, ensures that only authorized personnel can access sensitive information. Research on access control technology and its systematic implementation therefore has important theoretical and practical value.

XACML is an open specification designed by OASIS for access policy management. Compared with other existing standard access control languages, the XML-based XACML can be read by both humans and computers, while offering the Target, Subject, Action and Rule constructs found in other policy description languages. RDF, recommended by the W3C for description and exchange, is the foundation for processing metadata. The purpose of RDF's design is to define a mechanism for resource description, rather than to assume a particular application environment or to define semantics for any particular domain.

The present research applies semantic technology to the expression of access control policy. The author starts with the background of how XACML and RDF came into being and their respective application fields. Then, building on RDF technology, the author proposes a model that uses RDF to express XACML access control policy. The syntax of XACML is comparatively complex and lengthy for system administrators to comprehend. By using semantic technology, the semantics-based access control policy gains, to a certain degree, the advantages of supporting querying and inference. It can also be converted into XACML conveniently by means of querying and XSLT. The author extends the CAS originally developed by Yale University and implements single sign-on with the proposed model. Access control can be implemented by the system administrator simply by maintaining the basic data and the access control policy, which reduces the difficulty of system maintenance.

RDF and XACML are both open specifications established in succession by standardization organizations, and the development practice of CAS is oriented toward technical standards, being supportive of an increasing number of open specifications. The research and implementation of access control and single sign-on in this thesis provide engineering practice with an effective measure.
Keywords/Search Tags: RDF, XACML, Access Control