The organization-based four-layer access control model (OB4LAC) cannot authorize users dynamically or control user behavior in a timely manner in complex e-government systems. To address this, the paper introduces time and environment constraints at the fine-grained constraint level and proposes a time- and environment-constrained four-layer access control model (TE-OB4LAC). Drawing on the idea of behavior, it introduces the concepts of position behavior and role behavior. It then gives a formal description of the model, together with an access control authorization strategy and a grant scheme. Finally, it applies the TE-OB4LAC model to an e-government system, analyzing and designing the overall structure of an authorization management system based on the model. An application example verifies the model and shows that it is effective and scientific.