The Pmi-based Access Control Policy Research

With the development of network and more occurrences of network applications, security of network increasingly becomes an important problem. To protect the network security, we should provide and discriminate information of identity and authorization for users. Nowadays PKI has become the common security support system for most network applications such as E-commerce. PKI records people's identities and privileges into public key certificate, providing an efficient way for identity authentication and establishing a base for enforcing access control over the network. However in PKI system, the contradiction between permanent authentication identity and changeable authorization in PKI becomes more and more evident, therefore PMI(Privilege Management Infrastructures) concept is brought in X.509v4 standard in 2000,pointing out the direction of studying for authorization.PMI binds the users'identities and attributes through attribute certificates, and realizes the management of user privileges across applications, systems and enterprise. However, PMI has just offered a kind of effective system structure to manage the users' attributes, so PMI must combine existing access control mechanism to define users'attributes, and realize access control of specific application through corresponding system security polices.In order to solve the security control problems of the Web resource, a PMI—based security access control system is designed .In this system,authentication is accomplished by identity certificate of the user ,privilege certificate is used for authorization and role policy is applied for accessing control the Web resource.Meanwhile ,a scheme of acquiring and managing the Web resource is proposed.An effective solution of security access control for the Web resource is provided in this system.