PDF HTML阅读 XML下载 导出引用 引用提醒 多域环境下基于属性的授权委托模型 DOI: 10.3724/SP.J.1001.2011.03870 作者: 作者单位: 作者简介: 通讯作者: 中图分类号: 基金项目: 国家自然科学基金(60803129); 下一代互联网业务试商用及设备产业化专项(CNGI-09-03-03) Attribute-Based Authorization Delegation Model in Multi-Domain Environments Author: Affiliation: Fund Project: 摘要 | 图/表 | 访问统计 | 参考文献 | 相似文献 | 引证文献 | 资源附件 | 文章评论 摘要:传统的基于实体标识的授权模型会导致由于授权路径的不一致而引起权限传播的不一致,并可能导致法的实体进入授权路径获得不应有的权限.针对以上两方面的问题,提出一个基于属性的授权委托模型ABADM (attribute-based authorization delegation model),将授权模型中权限的传递与权力的委托均建立在实体所具有的属合的基础之上,以属性集合作为实体自身的代表进行授权,从而确保拥有相同属性凭证链的实体其权限是一致的.模型将属性与访问权限进行明确区分,提出了域内属性权限分配策略和域间属性计算模型,通过两者的结合给出ABADM 模型中计算实体所拥有的跨域属性集合和访问权限的方法,并结合具体实例对模型的使用进行了说明. Abstract:Traditional identifier-based authorization models are limited to having different authorization paths that will cause the inconsistency in propagation of permission. In addition, unauthorized entities may acquire illegal permission by such an identifier-based authorization path. In order to solve these two problems, an attribute-based authorization delegation model (ABADM), suitable for multi-domain environments is presented. In the ABADM model, the delegation of authority and the propagation of permission are all based on the attribute sets of entities, which ensure that the entities on the same credential chain have the same permission. The model integrates attribute-permission assignation policies inside autonomic domains and the interdomain attributes mapping model. The algorithm for calculating the attribute sets and permissions of entities in the multi-domain environments is proposed. The usage of the ABADM model is illustrated through a common example. 参考文献 相似文献 引证文献