中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 信息安全国家重点实验室  > 期刊论文
题名:
attribute-based authorization delegation model in multi-domain environments
作者: Wu Bin ; Feng Deng-Guo
关键词: 跨域授权 ; 基于属性的委托 ; 权限传播 ; 信任管理
刊名: Ruan Jian Xue Bao/Journal of Software
发表日期: 2011
卷: 22, 期:7, 页:1661-1675
部门归属: (1) State Key Laboratory of Information Security, Graduate University, The Chinese Academy of Sciences, Beijing 100049, China; (2) State Key Laboratory of Information Security, Institute of Software, The Chinese Academy of Sciences, Beijing 100190, China; (3) National Engineering and Research Centre of Information Security, Beijing 100190, China
摘要: 传统的基于实体标识的授权模型会导致由于授权路径的不一致而引起权限传播的不一致,并可能导致不合法的实体进入授权路径获得不应有的权限.针对以上两方面的问题,提出一个基于属性的授权委托模型ABADM(attribute-based authorization delegation model),将授权模型中权限的传递与权力的委托均建立在实体所具有的属性集合的基础之上,以属性集合作为实体自身的代表进行授权,从而确保拥有相同属性凭证链的实体其权限是一致的.模型将属性与访问权限进行明确区分,提出了域内属性权限分配策略和域间属性计算模型,通过两者的结合给出了在ABADM模型中计算实体所拥有的跨域属性集合和访问权限的方法,并结合具体实例对模型的使用进行了说明.
英文摘要: Traditional identifier-based authorization models are limited to having different authorization paths that will cause the inconsistency in propagation of permission. In addition, unauthorized entities may acquire illegal permission by such an identifier-based authorization path. In order to solve these two problems, an attribute-based authorization delegation model (ABADM), suitable for multi-domain environments is presented. In the ABADM model, the delegation of authority and the propagation of permission are all based on the attribute sets of entities, which ensure that the entities on the same credential chain have the same permission. The model integrates attribute-permission assignation policies inside autonomic domains and the interdomain attributes mapping model. The algorithm for calculating the attribute sets and permissions of entities in the multi-domain environments is proposed. The usage of the ABADM model is illustrated through a common example. © Copyright 2011, Institute of Software, the Chinese Academy of Sciences.
语种: 中文
内容类型: 期刊论文
URI标识: http://ir.iscas.ac.cn/handle/311060/14061
Appears in Collections:信息安全国家重点实验室_期刊论文

Files in This Item:
File Name/ File Size Content Type Version Access License
attribute-based authorization delegation model in multi-domain environments.pdf(298KB)----限制开放-- 联系获取全文

Recommended Citation:
Wu Bin,Feng Deng-Guo. attribute-based authorization delegation model in multi-domain environments[J]. Ruan Jian Xue Bao/Journal of Software,2011-01-01,22(7):1661-1675.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Wu Bin]'s Articles
[Feng Deng-Guo]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Wu Bin]‘s Articles
[Feng Deng-Guo]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace