CN1633085A - An access control method based on non-grade inter-role mapping - Google Patents


Info

Publication number: CN1633085A
Authority: CN (China)
Prior art keywords: role, access, external, security domain, mapping
Legal status: Granted
Application number: CN 200410104105
Other languages: Chinese (zh)
Other versions: CN100574210C (en)
Inventors: 杨放春, 邹华, 宋名星, 苏森, 孙其博, 徐鹏, 龙湘明, 李静林
Current Assignee: Beijing University of Posts and Telecommunications
Original Assignee: Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications
Priority to CNB2004101041058A (granted as CN100574210C)
Publication of CN1633085A
Application granted; publication of CN100574210C
Current legal status: Expired - Fee Related

Abstract

An access control method based on mapping between non-hierarchical roles. In each security domain, one or more external roles are created for access control and given a virtual mapping to the access permissions of the resources that the domain opens; non-hierarchical external-role mapping relations are then established between interacting security domains, and role mapping certificates are created to identify those relations. Based on the context information of a resource access request, an intermediate role mapped to the user's actual access permissions is created, and a non-hierarchical mapping is established between the intermediate role and the external role. As a result, when a user uses the resources of another security domain, only the mapping relation between the user and the external role of the local domain needs to be established.

Description

Access control method based on mapping between non-hierarchical roles
Technical field
The present invention relates to an access control method based on mapping between non-hierarchical roles, and belongs to the technical field of secure access control in computer networks and communication networks.
Background technology
With the development of Internet technology and the rapid growth of online applications, more and more business and transactions are conducted over computer networks. The accompanying information security problems, such as leaks and hacking, have become increasingly prominent, and the security of information systems has become a focus of attention for both industry and users. Access control technology is an indispensable security measure for a secure information system, and it is significant for protecting both host hardware systems and application software systems.
Access control technology originated in the 1970s, when it was mainly used to manage authorised access to shared data on mainframe systems. With the development of computer technology and applications, particularly network applications, its ideas and methods were rapidly applied to every field of information systems. Over 30 years of evolution a number of important access control technologies have appeared; their basic goal is to prevent unauthorised users from entering the system and to prevent legitimate users from using system resources illegally. To reach this goal, access control usually takes user authentication as a prerequisite and, on that basis, implements various access control policies to control and regulate the behaviour of legitimate users in the system. At present the widely accepted mainstream access control technologies are discretionary access control, mandatory access control and role-based access control, which are introduced in turn below.
Discretionary access control (DAC) arose with time-sharing systems. Its basic idea is that a subject in the system (a user or user process) may, at its own discretion, grant all or part of the access rights it holds over an object (a system resource) to other subjects. It is generally implemented by building an access control matrix for the system, in which the rows correspond to the subjects of the system, the columns correspond to its objects, and each element represents the access rights of a subject over an object. To improve system performance, practical implementations are usually organised either by row (subject) or by column (object).
Row-based methods attach to each subject a list of the objects that subject may access; according to the information held in the list they are divided into three forms: capability lists, prefix tables (profiles) and passwords. A capability list decides whether a user may access an object and which kinds of access (read, write, modify, execute, and so on) are permitted. A subject holding a capability may access the object in the corresponding way, and access rights can be added or removed while a process is running. A prefix table contains the names of protected objects and the subject's access rights to them; when a subject wants to access an object, the discretionary access control system checks whether the subject's prefix carries the requested right. In the password mechanism each object (or even each access mode of an object) requires a password, and the subject must first supply the object's password to the operating system when accessing the object.
Column-based discretionary access control attaches to each object a list of the subjects that may access it. It has two forms: protection bits and access control lists (ACLs). Protection bits specify a single set of access modes for all subjects; because they cannot express a complete access control matrix, they are rarely used. An access control list determines whether a given subject may access the object: it represents the access control matrix by attaching a list of subjects to the object, where each entry contains the identity of a subject and its access rights to the object. Access control lists are the best method for implementing discretionary access control.
Although DAC has been implemented in many systems (for example UNIX), its fatal defect is that granted access rights can be passed on. Once a right has been passed on it is hard to control, the management of rights becomes quite difficult, and serious security problems can follow. Moreover, DAC does not protect copies made of a protected object: a user who cannot access an object may be able to access a copy of it, which further increases the difficulty of management. In large systems, with an enormous number of subjects and objects, any form of DAC brings a system overhead that is quite expensive and hard to bear, while its efficiency is poor, so it is difficult to satisfy the needs of large-scale applications, particularly network applications. The protective capability of traditional discretionary access control is therefore limited.
Mandatory access control (MAC) arose from the requirement of information confidentiality and the need to prevent attacks such as Trojan horses; MAC blocks direct or indirect illegal intrusion through access restrictions that cannot be circumvented. Every subject and object in the system is forcibly assigned a fixed security attribute by the security officer (SO). This attribute determines whether a subject may access a given object, and neither users nor user processes can change the security attributes of themselves or of other subjects and objects. In a mandatory access control system every subject is granted a security clearance and every object is labelled with a sensitivity level. The two key access control rules are: no read up and no write down; that is, information may only flow from a lower security level to a higher one, and any behaviour that violates this acyclic information flow is forbidden.
MAC was originally used mainly in military applications and is often combined with DAC: a subject may access an object only after passing both the DAC check and the MAC check. Because MAC applies stricter access control to objects, it can prevent programs such as Trojan horses from stealing protected information, and it can also prevent users from accidentally leaking confidential information. However, it may still be powerless against a user who leaks information maliciously, and because MAC adds access restrictions that cannot be circumvented, it may reduce the flexibility of the system. On the other hand, although MAC as a multi-level access control system strengthens confidentiality, it cannot enforce integrity control; since network information needs integrity more, this has limited the use of MAC on networks. In addition, MAC is in essence based on a lattice-based acyclic one-way information flow policy, and the precondition for one-way information flow in a MAC system is that the system contains no reverse covert channel; the existence of a reverse covert channel allows information to flow in violation of the rules. Yet such covert channels are hard to remove from modern computer systems, for example the large amount of shared storage and the various caches adopted to improve hardware performance. All of these add security holes to the system.
The rapid development of networks, and in particular the wide use of intranets, has made the integrity requirements of network information exceed its confidentiality requirements and has placed higher demands on the quality of access control services, which the two traditional technologies, DAC and MAC, find hard to satisfy. Therefore, in the 1990s NIST (National Institute of Standards and Technology) proposed the concept of role-based access control (RBAC), which has been widely accepted. The outstanding advantage of RBAC is that it simplifies authorisation management in various environments. In DAC/MAC systems access rights are granted directly to users; the number of users in a system is large and changes often, which increases the complexity of authorisation management. The idea of RBAC is to assign access rights to roles, with each user in the system acting in specific roles; a role is essentially a set of permissions associated with a particular job position. Compared with users, roles are therefore relatively stable. When users change, it is only necessary to revoke and reassign roles, which greatly simplifies the management of user authorisation. At present RBAC has begun to be applied in some systems, but it is still at a development stage, no mature product has yet appeared, and how to apply it remains a fairly complex problem.
The basic concepts of RBAC are briefly introduced below. Subject: the active party that issues an access or access-operation request, usually a user or a process acting on behalf of a user. Object: the passive party that receives operations from other entities, usually an operable system resource such as a file, a program or a data object. An entity may be a subject at one moment and an object at another, depending on whether it is the performer or the receiver of an action. User: a person attempting to use the system; each user has a unique user ID, which must be presented on entering the system so that the system can authenticate the user. Role: a set of responsibilities and authorities in the system; the division of roles involves the job duties within the organisation together with overall consideration of the security policy. Permission: the permission to perform a certain operation on an object protected by the system. User-to-role mapping: the correspondence between a user and a role after that specific role has been assigned to the user. Permission-to-role mapping: the correspondence between a role and a set of access rights after those rights have been assigned to the role. In this way users and access rights are linked through roles, and a user holds the union of the access rights of all the roles it belongs to.
A typical role-based access control technology is the RBAC96 model, which consists of four models:
RBAC0 is the basic model and describes the minimum requirements of any system that supports RBAC. It contains four basic elements: users, roles, sessions and permissions. A user activates a subset of its roles in a session, thereby obtaining a set of permissions, and may perform the prescribed operations on the relevant objects; any permission not explicitly granted is forbidden.
RBAC1 extends RBAC0 with the concept of role hierarchy. In real organisations, the objective overlap of authority between positions is the basis of role hierarchy. Through role hierarchy a senior role inherits the permissions of its junior roles and adds the specific permissions granted to itself, which together form all of that role's permissions; this greatly eases rights management.
RBAC2 is also an extension of RBAC0 and adds the concept of constraints. Its main constraint rules are:
Least privilege: the permissions assigned to a user must not exceed the minimum needed to carry out the user's responsibilities; otherwise abuse of authority can result.
Mutually exclusive roles: some roles in an organisation are mutually exclusive, and a user may belong to at most one role from a set of mutually exclusive roles, otherwise separation of duty is broken. Permission assignment is also subject to a mutual exclusion constraint: a given permission may be granted to only one of a set of mutually exclusive roles.
Cardinality constraints and role capacity: the number of roles assigned to a user and the number of permissions held by a role may be limited by the security policy; this is called a cardinality constraint. The number of users corresponding to a role may also be limited, for example the general manager role may be held by only one person; this is role capacity.
Prerequisites: to obtain a certain role a user must first satisfy some condition, for example one must be an accountant before becoming chief accountant. Likewise a role must hold a certain permission before it can obtain another, for example in a file system the permission to read a directory must be held before the permission to write files can be granted.
RBAC3 is the combination of RBAC1 and RBAC2. It combines role hierarchy with constraints, producing constraints on the hierarchical structure. For example, a cardinality constraint at a hierarchy level limits the number of parent roles (immediate seniors) or child roles (immediate juniors) a role may have. A mutual exclusion constraint at a hierarchy level determines whether two given roles may have a common senior or junior role, and in particular whether two mutually exclusive roles may have a common senior role. For example, in a project team the programmer and the tester are two mutually exclusive roles, and whether these two roles may have a common senior role, the project manager role, is decided precisely by the mutual exclusion rule at that hierarchy level.
With the development of networks, the owner of a resource may open the resource to others while still needing to control access to it in order to guarantee its security. Therefore, when several resources adopt identical or similar access control policies, the set of those resources can be regarded as forming a security domain; that is, mutual access between resources within the same security domain is guaranteed to be safe. Today the interaction between security domains is increasingly frequent: a security domain uses the resources provided by other security domains and also opens its own resources for other security domains to use. To guarantee the information security of each security domain, secure access control must be applied to the resources it opens.
Each security domain may simultaneously play the dual roles of accessing domain and accessed domain; that is, the resources inside a security domain may access other security domains and may also be accessed by them. If current role-based access control technology were applied directly, each security domain would have to define and manage the mapping relations between users and the roles of this domain (for users using the permissions of this domain), define and manage the mapping relations between users and the roles of other security domains (for users using the permissions of other security domains), and define and manage the mapping relations between roles and permissions; furthermore, if hierarchical relations exist between roles, the mapping relations between roles at different levels would also have to be defined and managed. Each security domain would thus need to maintain a large number of mapping relations, greatly increasing the complexity of maintaining and managing them. In addition, because the mapping relations between users and roles are relatively stable, and the hierarchical relations between roles are also relatively stable, dynamic real-time access control according to the context of each request is not possible; these defects seriously affect the flexibility of interactive access between security domains.
Summary of the invention
In view of this, the purpose of the present invention is to provide an access control method based on mapping between non-hierarchical roles. The method performs access control by creating a non-hierarchical mapping relation between the external roles of two interacting security domains, so that when a user uses the resources of another security domain only the mapping relation between the user and the external role of the local domain needs to be established. This greatly reduces the complexity of managing mapping relations in a security domain, allows real-time and effective access control, is highly flexible and guarantees the security of access.
To achieve the above purpose, the invention provides an access control method based on mapping between non-hierarchical roles, whose technical scheme is as follows. In each security domain, one or more external roles are created that are used for access control and have a virtual mapping to the access permissions of the resources opened by that domain, so that non-hierarchical external-role mapping relations can be established between interacting security domains, and a role mapping certificate is created to identify each such non-hierarchical external-role mapping relation. At the same time, according to the request context information of a resource access, each security domain dynamically creates an intermediate role that is mapped to the user's actual access permissions, and a non-hierarchical mapping is established between this intermediate role and one or more external roles. Thus, when a user uses the resources of another security domain, only the mapping relation between the user and the external role of the local domain needs to be established, which reduces the complexity of managing mapping relations in a security domain, allows real-time and effective inter-domain permission access control, and guarantees the security of access.
The method comprises the following operating steps:
(1) In each security domain, create one or more external roles, and establish a virtual mapping between these one or more external roles and the access permissions of each opened resource in the security domain;
(2) The administrators of the two security domains negotiate according to their own interests and/or access control policies, establish a non-hierarchical mapping between the external roles of the two security domains, and create a role mapping certificate that identifies this mapping relation;
(3) When one security domain needs to use a resource in another security domain, the accessed security domain, on receiving the role mapping certificate sent by the accessing security domain, performs security authentication of the accessing security domain according to the certificate and decides whether to accept the access; if the authentication passes, the access is accepted and the subsequent steps are carried out; otherwise, step (7) is executed;
(4) According to the role mapping certificate, the accessed security domain resolves the one or more external roles of its own domain that correspond to the external role of the accessing security domain, together with the resource access permissions to which those external roles are virtually mapped, thereby achieving preliminary authorisation;
(5) The access control decision module of the accessed security domain determines, according to the one or more external roles and their virtually mapped resource access permissions, and in particular according to the request context information of this access, the access permissions this request actually holds; it then dynamically creates an intermediate role and establishes real mappings between this intermediate role and the permissions actually held, and between this intermediate role and the external role of its own domain;
(6) A subject in the accessing security domain has its access to resources in the accessed security domain controlled through the chain of mappings: from the external role of its own domain to the external role of the accessed security domain, from that external role to the intermediate role, and from the intermediate role to the resource access permissions;
(7) The accessed security domain denies access and returns a response denying the access request to the accessing security domain.
The external role is a role for opening resources and performing access control, created by the owner of a security domain after deciding, according to its own access control policy, which resources to open and to whom; it is used to establish non-hierarchical mapping relations with the external roles of other security domains. A virtual mapping correspondence exists between this external role and the access permissions of all opened resources in the security domain.
The virtual mapping is a correspondence between an external role and resource access permissions. It expresses that another external role or user mapped to this external role may hold the access permissions of these resources; only according to the request context information of an actually initiated access can the access control decision module dynamically decide whether the user or role really holds the access permission of the resource.
The intermediate role is a role created dynamically by the system according to the access request context information, the external role and the virtually mapped permissions. It is mapped to the access permissions the user actually holds and is also mapped to an external role in the same security domain, and there is no hierarchical relation between these two mutually mapped roles.
The mapping between the external role and the intermediate role, and the mapping between the intermediate role and the access permissions, are both short-lived mapping relations that exist only for one access request or for the repeated requests of one session.
The role mapping certificate is the credential that identifies the external-role mapping relation between two mutually accessing security domains; it is kept in each of the two security domains, and from it the accessing security domain can learn through which external role of the accessed security domain it may access the resources of the accessed domain.
The format and implementation of the role mapping certificate are decided by negotiation between the two security domains, and its content includes but is not limited to the following information: the mapping relation between the roles, the information on the permissions virtually mapped to the role, and the authentication information of the security domain.
The access request context records the resource the subject needs to access, the time, the geographical location, the user ID and other request information related to this request; the accessed security domain dynamically determines the resource access permissions the subject actually holds according to this request context information.
The basis on which the two security domains negotiate the mapping relation between their external roles may be free exchange based on mutual trust, payment, or an exchange of permissions according to each side's needs.
The present invention is an access control method based on mapping between non-hierarchical roles, and its advantages are as follows:
Non-hierarchical external-role mapping relations are established between security domains, so a subject in a security domain only needs to establish a mapping relation with the external role of its own domain, without considering its relation to other entities or resources in the accessed domain; this clearly simplifies the large number of mapping relations that each security domain currently has to maintain and manage. Moreover, the mappings between external roles, and between external roles and intermediate roles, are non-hierarchical mapping relations free of hierarchy constraints, which simplifies the relations between roles and makes them easy to manage and control. In addition, the mapping between an external role and resource access permissions is virtual: subjects in other security domains cannot obtain permissions directly through an external role, which makes it possible to decide dynamically which permissions a subject actually holds, and solves the defect of the prior art in which the user-to-role mapping relations and the hierarchical relations between roles are all relatively stable and lack flexibility. Furthermore, the method uses the access control decision module to create an intermediate role dynamically according to the access request context information and to establish non-hierarchical mappings between external role and intermediate role, and between intermediate role and permissions, realising dynamic real-time authorisation. The life cycle of the intermediate role is very short, existing only for one access request or for the repeated requests of one session, so maintenance and management are simple and easy.
Description of drawings
Fig. 1 is a schematic diagram of the operating principle of the access control method of the present invention based on mapping between non-hierarchical roles.
Fig. 2 is a block diagram of the operating process of the access control method of the present invention based on mapping between non-hierarchical roles.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with accompanying drawing.
Referring to Fig. 1, it is a kind of based on the access control method that shines upon between the off grade role to introduce the present invention, it is at each security domain 1, create one or more external role role that are used for access control in 2 respectively, 1. this external role role except having mapping relations respectively and between the user agent subject in this security domain, with resource access authority permission open in this territory have empty mapping relations 4. beyond, the off grade mapping relations are also arranged 2. between it and the middle role middle role according to request contexts information context dynamic creation in each security domain of access resources, and 3. the actual access authority of this centre role middle role and user agent subject has real mapping.Like this, when the user uses the resource of other security domain, only need set up earlier between this user agent subject and the external role in this territory mapping relations 1., 5. the external role-map of setting up off grade again between mutual two security domains 1,2 concerns, access request is sent to interviewed security domain, access control decision-making module by interviewed security domain comes the middle role middle of dynamic creation role according to role-map certificate RMC and request contexts context, just can authorize the visitor the real actual access rights that have.This method has reduced the management complexity of security domain to mapping relations, and can carry out the authority access control between the territory in real time, effectively, guarantees access security.
Referring to Fig. 2, specify the operating procedure that the present invention is based on the access control method that shines upon between the off grade role:
(1) in each security domain, creates one or more external roles, and the access rights of each open in these one or more external roles and this security domain resource are carried out the void mapping;
The security domain manager creates one or more external roles according to open which resource of access control policy decision of self with to behind whose open source, and these one or more external roles are carried out the void mapping with the access rights of the resource of opening respectively.The external role here is creation of the present invention, and it is a kind of opening and the role that carries out access control, be used for and the external role of other security domain between set up the mapping relations of off grade; This external role is the set of the access rights of all open sources in the security domain, but the corresponding relation between it and the authority is empty mapping.Only expression and other external role of this external role-map or the access rights that the user may have these resources of this empty mapping, the external world can not directly come the rights of using access resources by external role, in the time of must initiating actual access request by the time, ability is the extraneous access rights that whether can really have this resource of decision dynamically.
(2) security domain manager both sides hold consultation according to number one and/or access control policy, and in the off grade mapping of setting up between two security domains between the external role, and establishment role-map certificate identifies this mapping relations;
External role's mutual mapping belongs to the role-map between the territory, and does not have hierarchical relationship between these two external roles between the security domain.When the main body desire in the security domain was used the resource of other security domain, this main body elder generation shone upon mutually with the external role in this territory, is shone upon mutually with the external role in territory, resource place by the external role in this territory again.Set up before the role-map between two security domains, the transaction of need holding consultation, and the basis of consulting transaction can be to carry out the authority exchange according to needs separately is perhaps by paying, perhaps based on the multiple mode such as free of bipartite mutual trust.After negotiation is reached an agreement, foundation is used to identify voucher---the role-map certificate (RMC of the external role-map relation of two exchanging visit security domains, Role MappingCertificate), this role-map certificate is kept at respectively in each security domain, its form and implementation are by security domain both sides consult to decide, as long as both sides can approve.Its content comprises at least: describe the mapping relations between the role, with the authority information of the empty mapping of role and the authentication information of security domain etc., it is a kind of Certificate Authority certificate; Also be that the access security territory is learned by which the external role in the interviewed security domain and visited the wherein foundation of resource.For example when a security domain 1 will be visited another security domain 2, the external role of security domain 1 knows that according to role-map certificate between the two it should visit by which the external role in the security domain 2 resource in the security domain 2.
(3) Before a security domain uses a resource in another security domain, the accessing security domain first submits the role mapping certificate to the accessed security domain. After receiving the role mapping certificate sent by the accessing security domain, the accessed security domain authenticates the accessing security domain according to the role mapping certificate and decides whether to accept the access; if authentication succeeds, the access is accepted and the subsequent operations are carried out; otherwise, step (7) is executed;
(4) According to the role mapping certificate, the accessed security domain resolves the one or more external roles of its own domain that correspond to the external role of the accessing security domain, together with the resource access permissions virtually mapped to those one or more external roles. Because the mapping between an external role and its permissions is only virtual, establishing the external role mapping relation achieves only a preliminary authorization;
(5) The access control decision module of the accessed security domain determines, according to the request context information of this access, the access permissions that the request really has, dynamically creates an intermediate role, and establishes real mappings between this intermediate role and the permissions it really has, and between this intermediate role and the external role of its own domain;
The request context records the resource the subject needs to access, the time, the geographical location, the user ID and any other request information related to this request; its format and transport are not prescribed. The accessed security domain dynamically determines the resource access permissions the subject really has according to the request context information. The intermediate role is a role the system creates dynamically according to the access request context information; it is mapped to the access permissions the user really has and, at the same time, to the external role of the same security domain, but there is no hierarchical relationship between these two mutually mapped roles. The two mapping relations established in this step, intermediate role to external role and intermediate role to permissions, both have a very short life cycle: they exist only for one access request or for the multiple requests of one session.
(6) A subject in the accessing security domain achieves controlled access to the resources of the accessed security domain through the chain of mappings: between the external role of its own domain and the external role of the accessed security domain, between the external role of the accessed security domain and the intermediate role, and between the intermediate role and the resource access permissions;
(7) The accessed security domain denies the access and sends a response denying the access request back to the accessing security domain.
In summary, the present invention establishes non-hierarchical mapping relations between the external roles of different security domains. A subject in a security domain only needs to be mapped to an external role of its own domain and need not be mapped to an external role of the accessed security domain, which simplifies the security domain's management of mapping relations. In addition, although an external role is not directly mapped to permissions, actual authorization is achieved through the intermediate role dynamically created by the access control decision module, which is mapped to the external role on one side and to the permissions on the other. Moreover, the intermediate role and its mappings to the external role and to the permissions have a very short life cycle, existing only for one access request or for the multiple requests of one session, which reduces the management and operational complexity of the mapping relations.

Claims (10)

1. An access control method based on non-hierarchical inter-role mapping, characterized in that: in each security domain, one or more external roles are created that are used for access control and are virtually mapped to the access permissions of the open resources of that domain, so that non-hierarchical external role mapping relations can be established between interacting security domains, and a role mapping certificate is created to identify these non-hierarchical external role mapping relations; at the same time, according to the request context information of the resource access, an intermediate role mapped to the user's actual access permissions is dynamically created in each security domain, and a non-hierarchical mapping is established between this intermediate role and one or more external roles, so that when a user uses the resources of another security domain, only the mapping relation between the user and the external role of the user's own domain needs to be established, thereby reducing the security domain's management complexity for mapping relations, enabling inter-domain permission access control to be performed in real time and effectively, and ensuring the security of the access.
2. The access control method based on non-hierarchical inter-role mapping according to claim 1, characterized in that it comprises the following operating steps:
(1) in each security domain, one or more external roles are created, and each of these one or more external roles is virtually mapped to the access permissions of the open resources of that security domain;
(2) the administrators of the two security domains negotiate, according to their own interests and/or access control policies, a non-hierarchical mapping between the external roles of the two security domains, and create a role mapping certificate that identifies this mapping relation;
(3) when a security domain needs to use a resource in another security domain, the accessed security domain, after receiving the role mapping certificate sent by the accessing security domain, authenticates the accessing security domain according to the role mapping certificate and decides whether to accept the access; if authentication succeeds, the access is accepted and the subsequent operations are carried out; otherwise, step (7) is executed;
(4) according to the role mapping certificate, the accessed security domain resolves the one or more external roles of its own domain corresponding to the external role of the accessing security domain, together with the resource access permissions virtually mapped to those one or more external roles, thereby achieving a preliminary authorization;
(5) the access control decision module of the accessed security domain determines, according to the one or more external roles and the resource access permissions virtually mapped to them, and in particular according to the request context information of this access, the access permissions the request really has, dynamically creates an intermediate role, and establishes real mappings between this intermediate role and the permissions it really has, and between this intermediate role and the external role of its own domain;
(6) a subject in the accessing security domain achieves controlled access to the resources of the accessed security domain through the mapping between the external role of its own domain and the one or more external roles of the accessed security domain, the mapping between the one or more external roles of the accessed security domain and the intermediate role, and the mapping between this intermediate role and the resource access permissions;
(7) the accessed security domain denies the access and sends a response denying the access request back to the accessing security domain.
3. The access control method based on non-hierarchical inter-role mapping according to claim 1, characterized in that: the external role is a role created by the owner of a security domain, after deciding according to its own access control policy which resources to open and to whom, for opening those resources and performing access control on them, and is used to establish non-hierarchical mapping relations with the external roles of other security domains; there is a virtual mapping correspondence between this external role and the access permissions of all open resources in the security domain.
4. The access control method based on non-hierarchical inter-role mapping according to claim 3, characterized in that: the virtual mapping is a correspondence between an external role and resource access permissions; this correspondence means that another external role, or a user, mapped to this external role may have the access permissions of these resources, but only the access control decision module can dynamically decide, according to the request context information of the access actually initiated, whether the user or role really has the access permission for the resource.
5. The access control method based on non-hierarchical inter-role mapping according to claim 1, characterized in that: the intermediate role is a role created dynamically by the system according to the access request context information, the external role and the permissions virtually mapped to it; this intermediate role is mapped to the access permissions the user really has and also to the external role of the same security domain, and there is no hierarchical relationship between these two mutually mapped roles.
6. The access control method based on non-hierarchical inter-role mapping according to claim 5, characterized in that: the mapping between the external role and the intermediate role and the mapping between the intermediate role and the access permissions are both short-lived mapping relations that exist only for one access request or for the multiple requests of one session.
7. The access control method based on non-hierarchical inter-role mapping according to claim 1, characterized in that: the role mapping certificate is a credential used to identify the external role mapping relation of two interacting security domains and is stored separately in each security domain; from this role mapping certificate the accessing security domain can learn through which external role of the accessed security domain it may access the resources in the accessed security domain.
8. The access control method based on non-hierarchical inter-role mapping according to claim 7, characterized in that: the format and implementation of the role mapping certificate are decided by negotiation between the two security domains, and its content includes but is not limited to the following information: the mapping relations between the roles, the permission information virtually mapped to the roles, and the authentication information of the security domains.
9. The access control method based on non-hierarchical inter-role mapping according to claim 2, characterized in that: the access request context records the resource the subject needs to access, the time, the geographical location, the user ID and any other request information related to the request, and the accessed security domain dynamically determines the resource access permissions the subject really has according to this request context information.
10. The access control method based on non-hierarchical inter-role mapping according to claim 2, characterized in that: the basis on which the two security domains negotiate the establishment of the mapping relations between their external roles is a payment, a free arrangement based on mutual trust, or an exchange of permissions according to each side's needs.
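The following Python sketch is an added worked example and not code from the patent. It runs steps (2) to (7) of the detailed description above, which claim 2 restates, on constructed data: two security domains, a role mapping certificate negotiated between them, a preliminary authorization derived from the virtual mapping, a context-dependent actual authorization, and a short-lived intermediate role. The patent leaves the certificate format and the context evaluation to the domains' negotiation, so the JSON encoding of the RMC, the HMAC over a negotiated shared secret serving as the domains' authentication information, the per-permission context predicates, and all domain, role, subject and resource names here are assumptions of this example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


@dataclass
class SecurityDomain:
    name: str
    external_roles: dict        # external role -> set of (resource, action) virtually mapped to it
    constraints: dict           # (resource, action) -> predicate(context) -> bool (assumed form)
    subjects: dict              # subject id -> external role of this domain
    peer_keys: dict = field(default_factory=dict)   # peer domain name -> negotiated HMAC key (assumption)


def _canonical(obj):
    """Deterministic encoding so both domains compute the same MAC (assumption)."""
    return json.dumps(obj, sort_keys=True).encode()


def build_rmc(issuer, peer, role_mappings, key):
    """Step (2): the RMC records issuer->peer external-role mappings, the permissions
    virtually mapped to the peer roles, and a MAC as the domains' authentication info."""
    peer_roles = sorted({r for rs in role_mappings.values() for r in rs})
    body = {
        "issuer": issuer.name,
        "peer": peer.name,
        "mappings": role_mappings,
        "virtual_permissions": {r: sorted(peer.external_roles[r]) for r in peer_roles},
    }
    auth = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "auth": auth}


def verify_rmc(accessed, rmc):
    """Step (3): the accessed domain authenticates the accessing domain from the RMC."""
    body = rmc["body"]
    key = accessed.peer_keys.get(body["issuer"])
    if body["peer"] != accessed.name or key is None:
        return False
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, rmc["auth"])


def preliminary_authorize(accessed, rmc, remote_role):
    """Step (4): local external roles mapped to the remote role, plus their virtual permissions."""
    local_roles = list(rmc["body"]["mappings"].get(remote_role, []))
    virtual = set()
    for r in local_roles:
        virtual |= accessed.external_roles.get(r, set())
    return local_roles, virtual


@dataclass
class IntermediateRole:
    role_id: str
    external_roles: list
    permissions: set            # the permissions the request really has
    session: str                # the role lives only for this request/session


def create_intermediate_role(accessed, local_roles, virtual, context):
    """Step (5): the decision module keeps only the virtual permissions whose context
    predicate holds and binds them to a fresh, short-lived intermediate role."""
    actual = {p for p in virtual if accessed.constraints.get(p, lambda ctx: True)(context)}
    role_id = hashlib.sha256(_canonical([context["session"], sorted(local_roles)])).hexdigest()[:12]
    return IntermediateRole(role_id, local_roles, actual, context["session"])


def check_access(accessing, accessed, rmc, subject, context):
    """Steps (3)-(7): subject -> own external role -> accessed domain's external role(s)
    -> intermediate role -> permission. Returns (decision, intermediate role or None)."""
    if not verify_rmc(accessed, rmc):
        return "deny", None                         # step (7): authentication failed
    local_ext = accessing.subjects.get(subject)     # the only mapping a subject needs
    if local_ext is None:
        return "deny", None
    remote_roles, virtual = preliminary_authorize(accessed, rmc, local_ext)
    if not remote_roles:
        return "deny", None                         # no mapping for this role in the RMC
    inter = create_intermediate_role(accessed, remote_roles, virtual, context)
    wanted = (context["resource"], context["action"])
    return ("permit" if wanted in inter.permissions else "deny"), inter


# Constructed sample data (not from the patent): domain B opens "reports" to partners,
# but report writes are really granted only during office hours from HQ.
DOMAIN_B = SecurityDomain(
    name="B",
    external_roles={"B_partner": {("reports", "read"), ("reports", "write")},
                    "B_guest": {("docs", "read")}},
    constraints={("reports", "write"): lambda ctx: 9 <= ctx["hour"] < 18 and ctx["location"] == "HQ"},
    subjects={},
    peer_keys={"A": b"negotiated-secret-A-B"},
)
DOMAIN_A = SecurityDomain(
    name="A", external_roles={"A_ext": set()}, constraints={},
    subjects={"alice": "A_ext"}, peer_keys={"B": b"negotiated-secret-A-B"},
)
RMC_A_TO_B = build_rmc(DOMAIN_A, DOMAIN_B, {"A_ext": ["B_partner"]}, DOMAIN_A.peer_keys["B"])


def demo():
    """Same subject, same RMC: the decision differs only by request context."""
    day = {"session": "s1", "resource": "reports", "action": "write", "hour": 10, "location": "HQ"}
    night = dict(day, hour=23)
    return (check_access(DOMAIN_A, DOMAIN_B, RMC_A_TO_B, "alice", day)[0],
            check_access(DOMAIN_A, DOMAIN_B, RMC_A_TO_B, "alice", night)[0])


if __name__ == "__main__":
    print(demo())   # ('permit', 'deny')
```

Two points worth noticing when running it: a tampered RMC (for instance one that adds `B_guest` to the mapping) fails step (3) before any role is resolved, and the intermediate role created for the night-time request still carries `("reports", "read")` even though the write is denied, which is the patent's distinction between the virtual mapping of the external role and the real mapping of the intermediate role.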
CNB2004101041058A 2004-12-29 2004-12-29 An access control method based on non-hierarchical inter-role mapping Expired - Fee Related CN100574210C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004101041058A CN100574210C (en) 2004-12-29 2004-12-29 An access control method based on non-hierarchical inter-role mapping

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004101041058A CN100574210C (en) 2004-12-29 2004-12-29 An access control method based on non-hierarchical inter-role mapping

Publications (2)

Publication Number Publication Date
CN1633085A true CN1633085A (en) 2005-06-29
CN100574210C CN100574210C (en) 2009-12-23

Family

ID=34848207

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004101041058A Expired - Fee Related CN100574210C (en) 2004-12-29 2004-12-29 An access control method based on non-hierarchical inter-role mapping

Country Status (1)

Country Link
CN (1) CN100574210C (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100364278C (en) * 2005-10-24 2008-01-23 南京邮电大学 Method for controlling five layer resource access based on extending role
CN101631021A (en) * 2008-07-18 2010-01-20 日电(中国)有限公司 Position sensitive and role-based method, device and system for access control
CN101771676A (en) * 2008-12-31 2010-07-07 华为技术有限公司 Setting and authentication method for cross-domain authorization and relevant device and system
CN101951372A (en) * 2010-09-17 2011-01-19 公安部第三研究所 Dual-authorization cross-domain access control method
CN101286845B (en) * 2008-05-12 2011-02-09 华中科技大学 Control system for access between domains based on roles
CN102148829A (en) * 2011-03-29 2011-08-10 苏州市职业大学 Calculation method for entity node reliability under grid environment
CN101379504B (en) * 2006-02-22 2011-11-16 国际商业机器公司 Access control management method and system for composite application based on roles
CN101262474B (en) * 2008-04-22 2012-02-01 武汉理工大学 A cross-domain access control system for realizing role and group mapping based on cross-domain authorization
CN101572603B (en) * 2008-04-30 2012-05-30 国际商业机器公司 System and method for unified access control for composition service in distributed environment
CN103020512A (en) * 2012-11-26 2013-04-03 清华大学 Realization method and control system for safe control flow of system
CN103166944A (en) * 2011-12-19 2013-06-19 中国人民解放军63928部队 Data access controlling method crossing safety area based on role mapping
CN101441688B (en) * 2007-11-20 2015-08-19 阿里巴巴集团控股有限公司 A user right assignment method and a user right control method
CN105827663A (en) * 2016-06-02 2016-08-03 中国联合网络通信集团有限公司 Access control method and system
CN109948360A (en) * 2019-02-26 2019-06-28 维正知识产权服务有限公司 A kind of more control domain security kernel construction methods and system for complex scene
CN111506899A (en) * 2020-04-15 2020-08-07 北京谦川科技有限公司 Authority management method and authority management architecture of security system
CN114884728A (en) * 2022-05-06 2022-08-09 浙江蓝景科技有限公司 Security access method based on role access control token

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100364278C (en) * 2005-10-24 2008-01-23 南京邮电大学 Method for controlling five layer resource access based on extending role
CN101379504B (en) * 2006-02-22 2011-11-16 国际商业机器公司 Access control management method and system for composite application based on roles
CN101441688B (en) * 2007-11-20 2015-08-19 阿里巴巴集团控股有限公司 A user right assignment method and a user right control method
CN101262474B (en) * 2008-04-22 2012-02-01 武汉理工大学 A cross-domain access control system for realizing role and group mapping based on cross-domain authorization
CN101572603B (en) * 2008-04-30 2012-05-30 国际商业机器公司 System and method for unified access control for composition service in distributed environment
US8769653B2 (en) 2008-04-30 2014-07-01 International Business Machines Corporation Unified access control system and method for composed services in a distributed environment
CN101286845B (en) * 2008-05-12 2011-02-09 华中科技大学 Control system for access between domains based on roles
CN101631021A (en) * 2008-07-18 2010-01-20 日电(中国)有限公司 Position sensitive and role-based method, device and system for access control
CN101631021B (en) * 2008-07-18 2014-04-02 日电(中国)有限公司 Position sensitive and role-based method, device and system for access control
WO2010075798A1 (en) * 2008-12-31 2010-07-08 华为技术有限公司 Configuration and authentication method for cross-domain authorization, the equipment and system thereof
CN101771676B (en) * 2008-12-31 2013-04-24 华为技术有限公司 Setting and authentication method for cross-domain authorization and relevant device and system
CN101771676A (en) * 2008-12-31 2010-07-07 华为技术有限公司 Setting and authentication method for cross-domain authorization and relevant device and system
CN101951372A (en) * 2010-09-17 2011-01-19 公安部第三研究所 Dual-authorization cross-domain access control method
CN102148829A (en) * 2011-03-29 2011-08-10 苏州市职业大学 Calculation method for entity node reliability under grid environment
CN103166944A (en) * 2011-12-19 2013-06-19 中国人民解放军63928部队 Data access controlling method crossing safety area based on role mapping
CN103166944B (en) * 2011-12-19 2016-02-24 中国人民解放军63928部队 A role-mapping-based cross-security-domain data access control method
CN103020512B (en) * 2012-11-26 2015-03-04 清华大学 Realization method and control system for safe control flow of system
CN103020512A (en) * 2012-11-26 2013-04-03 清华大学 Realization method and control system for safe control flow of system
CN105827663A (en) * 2016-06-02 2016-08-03 中国联合网络通信集团有限公司 Access control method and system
CN109948360A (en) * 2019-02-26 2019-06-28 维正知识产权服务有限公司 A multi-control-domain security kernel construction method and system for complex scenes
CN109948360B (en) * 2019-02-26 2023-04-07 维正知识产权科技有限公司 Multi-control-domain security kernel construction method and system for complex scene
CN111506899A (en) * 2020-04-15 2020-08-07 北京谦川科技有限公司 Authority management method and authority management architecture of security system
CN111506899B (en) * 2020-04-15 2023-06-16 宁波谦川科技有限公司 Rights management method and rights management architecture of security system
CN114884728A (en) * 2022-05-06 2022-08-09 浙江蓝景科技有限公司 Security access method based on role access control token

Also Published As

Publication number Publication date
CN100574210C (en) 2009-12-23

Similar Documents

Publication Publication Date Title
KR101366435B1 (en) Security authorization queries
KR101354848B1 (en) Controlling the delegation of rights
US8225378B2 (en) Auditing authorization decisions
US7065784B2 (en) Systems and methods for integrating access control with a namespace
CN100574210C (en) An access control method based on non-hierarchical inter-role mapping
US20060277595A1 (en) Techniques for providing role-based security with instance-level granularity
US8095969B2 (en) Security assertion revocation
US20080066147A1 (en) Composable Security Policies
US20080066158A1 (en) Authorization Decisions with Principal Attributes
US20080066169A1 (en) Fact Qualifiers in Security Scenarios
KR20050014678A (en) Zoned based security administration for data items
MXPA04007410A (en) Moving principals across security boundaries without service interruption.
JP3756397B2 (en) ACCESS CONTROL METHOD, ACCESS CONTROL DEVICE, AND RECORDING MEDIUM
Delessy et al. Patterns for access control in distributed systems
Nagarajan et al. Trust management for trusted computing platforms in web services
CN114154193A (en) Cross-domain access control method based on block chain
Shetty et al. Policy-Based access control scheme for securing hadoop ecosystem
US20080065899A1 (en) Variable Expressions in Security Assertions
CN110427770A (en) A kind of Access and control strategy of database method and system for supporting service security to mark
CN115422526B (en) Role authority management method, device and storage medium
Nait Bahloul et al. H-RCBAC: Hadoop Access Control Based on Roles and Content
Abdi DECENTRALIZED ACCESS CONTROL FOR IoT BASED ON BLOCKCHAIN TECHNOLOGY
Chakrabarti et al. Grid authorization systems
Kagal et al. On Security in Open Multi-Agent Systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091223

Termination date: 20121229