| The People's Republic of China national standard "GBT 20271-2006 Information security technology and information system security technical general requirements" in that the application of system security issues four parts include: authentication, access control, security auditing and logging, security technology and application . In this thesis, we would discuss about two main issues authentication and access control, and a hot technology director services would join in too, which made practical significantly.With network technology developed, large-scale distributed system based role access control is widely used in the web application. System user and application need to retrieve lots of information from the server every day, and each application may also be scattered in different locations. How to provide users with efficient and high quality service is an urgent problems need to be solved, so directory services technology is a good solution to this.This paper focuses o access control and directory services techniques. Combining RBAC and LDAP into the system to build a secure implementation of programs on the web is the major work of the paper. First of all, according to demanding and characteristics of the platform, attributes and delegate decision are introduced to the concept, establish a new access control model ,based on delegate property of the role -attribute access control model (ADRBAC). Then through designing the directory tree and schema of LDAP, this access control model is achieved. Finally, new modeling language SysML is used to sort out the whole system. The composition of the system, interface and communication between system functions, state transition is described by using graphics and tools of SysML. |
PDF Full Text Request