Multi-organization For Multi-user Role-based Access Control

The public traffic system is an important link in the national life, and it is also the strong guarantee of social economic development; Intelligent Transportation System (ITS), which is in the frontier of public traffic system, is a an omni-directional , real-time and accurate, high-efficient traffic administrative system synthetically using advanced electronic technology , information administrative skill , technology of the sensor and system engineering.Based on the research and development of Hisense Advanced Public Traffic System (HSATPS) , this thesis puts forward a whole set of solutions to the control of security visit in the system, which meets the business demands of enterprises.The control of security access is the focus of the research on the distributed system in recent years. Traditional access control model has already not been able to adapt to the characteristics of modem enterprises, ranging from huge amount of information, institutional framework complicatedness to the frequent personnel flow. Based on the model of RBAC is an advanced access control method prevailing in the world at present. Comparing two of the tradition access control models, DAC and MAC, this thesis analyses the advantages of RBAC model. It also combines dispatching business in public traffic enterprises and RBAC model, localized the latter one, and then put forward the ERBAC model which meets the systematic demand. On one hand this model emphasizes the importance in organizing and administration in the secure systematic access, on the other hand it has carried on abundant division of the authority concept in the traditional theory and provides the formalized authority definition.After building theory model, this thesis analyzes the deficiency of original HSAPTS1.0, designs a role-based secure access control subsystem which supports multi-organizations and multi-user's visits and it also provides the whole structure, functional package, visiting control strategies and database .design of the subsystem. Among them, the author provides one user identity authentication to strengthen security. To realize this system, the author of this thesis manages to accomplish a perfect and flexible secure access subsystem on the basis of Hisense intellectual public traffic products so that liberated from the repetition work of authority administration, developers are enabled to focus on the functional development of the application system. On the design andrealization of this subsystem the author also realizes commonability, compatibility and suitabilityFinally, according to the character of huge relation records in role-based access control database, this thesis discusses a new partitioned-number-based store mechanism which according to the natural number partition of number theory establishes a simpler reflective relation between role set and authority set, it also provides the theoretical instruction and realization of key algorithm.