| With the development of network, all kinds of Internet-based application are booming, especially the e-business and the e-government, while the contradiction between the opening of network and the security of information has become more and more serious. It is very necessary for network communication to guarantee the security by providing the service of authentication and authorization. PKI (Public Key Infrastructure), which is on the base of cryptography, resolved the issue of trust perfectly using public key certificate as a carrier. Along with the further application, people are eager to control their sensitive resources, for example, confidential files and data, to organize and manage the privilege of the users. It is a great challenge to manage the authorization that combined PKI with the mechanism of access control. Role based Privilege Management Infrastructure ground on PKI and RBAC (Role based Access Control) technologies. It uses attribute certificate as a carrier, which works out the deficiency of authorization in PKI and the shortcomings of lack of managing the lifecycle of permission,in RBAC. The thesis analyzes the ITU-X.509 attribute certificate framework deeply, and evaluates the PMI models and the PMI architecture. Based on X.509 protocol and the framework of PMI, we build up a PMI model based on role-based delegation mechanism. After these, the design of prototype PMI is put forward , some key problems such as certificate management, access control and policy management are discussed. Finally, the implementation of a PMI system--RB-PMI is realized with the reference of PKI system, and a simple analysis of its performance is discussed. |
PDF Full Text Request