Abstract
Web information systems that incorporate workflow are a currently popular mode of system application. To address the shortcomings of the existing TRBAC model in such systems, namely redundant control data and low efficiency, this article proposes an improved access control model. The model combines RBAC with TRBAC and partitions roles and permissions by operation level. By introducing constraints such as workflow history information, it ties operation permissions closely to the execution context during dynamic authorization. The model separates static and dynamic authorization effectively, lowers the complexity of the access control policy while keeping the system secure, and provides a basic reference framework for formulating access control policies for such systems. Finally, an implementation of the model in a Web-based office automation (OA) system is described as an example.
Source
Journal of Logistical Engineering University (《后勤工程学院学报》)
2006, Issue 3, pp. 49-52, 56 (5 pages in total)
Keywords
Web Information System
workflow
access control model
dynamic authorization