期刊文献+

基于角色-页面模型的WEB用户访问控制方法 被引量:21

A Role-page Model Based Access Control Method for Web Applications
下载PDF
导出
摘要 论文以RBAC(Role-BasedAccessControl:基于角色的访问控制)理论为基础,利用B/S应用模式的特点,将WEB应用的业务逻辑和对应的显示逻辑进行合理的划分,通过控制应用系统各个页面对于不同用户角色的可见性,提出了基于角色—页面模型的Web用户访问权限的控制方法,简化了RBAC模型的实现。该方法能够减少Web应用开发中繁琐的逻辑判断代码,方便应用系统的实施,并在“全国高校仪器设备和优质教育资源共享系统”中得到了应用。 Based on RBAC (Role-Based Access Control) theory,a role-page model based access control method for Web applications is given out to facilitate the Implementation of RBAC Model.Considering the characteristic of B/S application model,this method is to logically partition the business logic and the representation logic.Then the access control can be implemented by controlling the Web pages' availability to different roles.This method can be used to facilitate the construction of Web applications because it reduces the judge code of access control.And this method has already been validated in the CERS(China education Equipments and Resource Sharing) project.
出处 《计算机工程与应用》 CSCD 北大核心 2006年第21期124-126,共3页 Computer Engineering and Applications
基金 "十五""211工程"项目:全国高校仪器设备和优质教育资源共享系统
关键词 RBAC 角色-页面模型 WEB应用 访问控制 RBAC,role-page model,WEB application,access control
  • 相关文献

参考文献3

二级参考文献8

  • 1SANDHU R S, COYNE E J, FEINSTEIND H L, et al. Role-Based Access Control[ J ]. Models IEEE Computer, 1996,29(2) :38 -47.
  • 2BARKLEY J F, CINCOTrA A V, FERRAIOLO D F,et al.Role Based Access Control for the World Wide Web [ A ].NIST/NCSC, Proc 20th NIST-NCSC National Information Systems Security Conference[C]. USA: NIST/NCSC,1997.
  • 3Ferraiolo D F,Barkley J F,Kuhn D R.A Role Based Access Control Model and Reference Implementation Within a Corporate Intranet ACM Transactions on Information Systems Security, 1999-02
  • 4Gavrila S I, Barkley J F. Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management. Third ACM Workshop on Role-based Access Control, 1998
  • 5Sandhu R, Coyne E J,Feinstein H L,et al. Role-based Access Control Models. IEEE Computer, 1996,29(2)
  • 6张晓辉,王培康.大型信息系统用户权限管理[J].计算机应用,2000,20(11):35-36. 被引量:55
  • 7张大江,钱华林.一个利用数字证书实现的RBAC模型[J].小型微型计算机系统,2001,22(8):936-939. 被引量:12
  • 8叶锡君,许勇,吴国新.基于角色的访问控制在Web中的实现技术[J].计算机工程,2002,28(1):167-169. 被引量:50

共引文献69

同被引文献103

引证文献21

二级引证文献91

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部