The Research And Implementation Of Integrated And Unified Authorization Management System

Posted on: 2011-06-11 | Degree: Master | Type: Thesis
Country: China | Candidate: T Shen | Full Text: PDF
GTID: 2178360305483153 | Subject: Communication and Information System
Abstract/Summary:
With the rapid development and popularization of the Internet, an effective access control mechanism is a precondition for using information reasonably and for an information system to fulfil its role. The key to an access control mechanism is the method used to organize and describe the relationships among users, resources and operations. Many access control methods are in common use, such as ACL (Access Control List), RBAC (Role-based Access Control) and ABAC (Attribute-based Access Control).

Different applications may use different access control methods for various reasons, so an access control management system designed for one specific method is specialized to it, which greatly limits distributed interaction. How to support different access control methods simultaneously, how to manage the authorization policies of many different resources in a unified and effective way, and how to describe the contents of access control with a portable, unified approach and a rich vocabulary are all serious problems in practical application.

To solve the above problems, this study proposes an integrated and unified authorization management system that can support and extend different access control methods. The system implements three access control methods, ACL-based, RBAC-based and ABAC-based, by creating a user tree, a role tree, a resource tree and a function tree. It proposes a more general access control method that can express complex policies by introducing XACML, and it provides a complete process of online authorization.

The system consists of the identity and access database, the identity and access service module, the identity and access management module, the authorization module and the implementation module. The identity and access database is an LDAP database that stores information on users, groups, roles, resources, functions, access control rules and so on. The identity and access service module performs all operations on the database and provides local and remote interfaces for the identity and access management module and the authorization module. The identity and access management module is a web application that mainly supports creating and managing information on users, roles and resources, along with the various ACL, RBAC and ABAC access control policies. The main function of the authorization module is to respond to requests submitted by application systems. The implementation module uses filters to intercept users' requests and sends them to the authorization module.
Keywords/Search Tags:Access Control, ACL, RBAC, ABAC, XACML