Research On Access Control Policy Based On Fine Granularity In The Context Of E-Government

With the fast development of information technologies, government and enterprises tried to realize electronic government or electronic business by substantially using information systems and decision supporting systems, which makes information security becoming the key point in e-government process. In this regard, the research of access control draws much attention among professors. The fact that applying role based access control to the privilege management in government systems shows more flexibility and extendibility than those traditional access control models.However, as to the trait of top-down management mechanism and stepwise authorization in government organization, access control strategy should provide a permission management model for specifically reflecting organization structure and simplizing authorization process, thus to solve conflicts between information systems and organization structure in practice. In addition, the management of permission and roles should meet users' demands for fine granularity access for resources based on time, context, content and so on.Hence, access control policy based on fine granularity in the context of e-government is seriously discussed in this paper. It introduces "Job position" as a medium of users and roles, making the real organization structure directly corresponding to job position, and then a four-layer access control model based on organization structure is established, which is "User-Job-Role-Permission". On the one hand, it can clearly define role hierarchies; on the other hand, it provides reference for permission inheritance, making it better meet the users and permissions' complicated and changeable demands in the large organizations as enterprises or government departments.Firstly, the formulized description of each element in this model is given accordingly, and the mapping rules between each other, especially roles mapping with permissions, are analyzed in detail.Secondly, attributes of information resources such as time period, security constrains and context situation are taken in to account to establish information resources meta-model and operation object meta-model, of which merging rules are researched so that the set of function permissions and function menus can be fine-grained. As such, permissions transformation path is formulated and fine-grained access control strategy is established. Thirdly, considering the new usage control model, the concept of "sub-delegation" and "Context perception" is proposed to realize dynamic and flexible authorization.Last but not least, the situation that applying this access control strategy to privilege management in an e-government collaboration system is introduced, which is useful for its application and promotion in the near future.