
The RB-PMI-Based Virtual Enterprise Access Control Design And Realization

Posted on: 2009-02-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y S Tan
GTID: 2208360272489210
Subject: Software engineering

Abstract/Summary:
With the development of networks, all kinds of Internet-based applications are booming, especially e-business and e-government, and the contradiction between the openness of the network and the security of information has become more and more serious. In the course of network communication, communicators need authentication and authorization services to guarantee the security of the communication. PKI (Public Key Infrastructure), which is based on cryptography and uses the public key certificate as a carrier, resolves the issue of trust perfectly. As applications go further, people are eager to control their sensitive resources, for example confidential files and data, and to organize and manage the privileges of users. Managing authorization by combining PKI with an access control mechanism is a great challenge.

Role-based Privilege Management Infrastructure is grounded in PKI technology and the theory of RBAC (Role-Based Access Control). It uses the attribute certificate as a carrier, which addresses the lack of authorization in PKI and the shortcoming of RBAC, namely that it does not manage the lifecycle of permissions. The thesis analyzes the ITU-T X.509 attribute certificate framework in depth and evaluates the PMI models and the PMI architecture. In its discussion of PMI authorization policy, it puts forward XACML (Extensible Access Control Markup Language) as the PMI authorization policy language, which enriches the theory of PMI authorization and shortens the distance between PMI and the application systems that use it.

After this analysis and study of basic PMI theory, the thesis first presents the overall design of a role-based PMI system (RB-PMI), whose model has been brought into effect so far. The model can not only manage the lifecycle of user attributes effectively, but also manage the role-permission assignment (namely the authorization policy). Second, based on the RB-PMI model, the PKI/PMI-based application framework and application process flow are presented. Finally, we analyze the access-control requirements of Virtual Enterprises, as well as the methods for reconstructing their information systems. We also implement the RB-PMI Web application on the Microsoft Internet Information Server 5.0 platform.
Keywords/Search Tags: PMI, attribute certificate, RBAC, authorization, PKI