Pki + Of Rbac With The Permission Of The Characteristics Of The Fast Table-based Design And Realization

With the development and application of Internet, the web security becomes more and more important, and becomes emphases in the computer network field, that should be developed and settled. In order to enhance network security, many countries brought forward their projects including the excellent project PKI. At the same time, in order to corporate with network, especially fit for the e-commerce and e-government, privilege management and access control already combine with network security and provide the foundation and guarantee for the network. RBAC is a kind of convenient, security, efficiency access control system. This paper analyses the basing-thought and framework, introduces basing-method of user-role distribution and role-permission distribution, at last exposes the method how to using RBAC to achieve privilege management in the framework. The privilege management system can extend PKI web site simply and make it be a PMI web site.PKI is an infrastructure that can insure the system security and validate user's authority through using public key technology and PKC. But that is not enough, PMI and AC is put forward for the network privilege management and combines privilege management with identity authentication. The paper analyses architecture of PKI and PMI, and recognizes the difficulty of extending the PKI system to PMI system. In order to extend the PKI function system to PMI function system, this paper proposals a transition scheme. The scheme combines the RBAC with PKI and builds network security system which have role-based authority control and PKI identity authentication. The scheme has simple structure and individual module, realizes most of the function in network security and privilege management field.There must be queried the certificate status in PKI system. OCSP (OnlineCertificate Status Protocol) can query certificate status online and provide real-time validation. But due to the rate and complexity problems in the multi-validation of CAs, OCSP can't be put in practice effortless. Basing OCSP, the paper defines Fast Table and uses Fast Table to validate status quickly in their local station. The combination of Fast Table and PKI+RBAC make the identify authentication and privilege management settled in their local station. It is a good project for privilege management of resource in web station.