For the complex self-domains across different application requirements, the model IRBAC2000 is researched, and a combined access control model is presented. The main form of the model is implemented on web service. It extends IRBAC2000 access control model, reforms R-R role mapping concept, increases constraints of role mapping, advances an arithmetic of authority-conflict and makes use of extensible policy language SAML and XACML to describe access control policy. At last the practicability of the model is verified on the existing system and some problems to solve next step are solved.%针对复杂的跨不同自治域的应用需求,对IRBAC2000模型进行研究,提出了一种联合访问控制模型.该模型主体以Web服务形式实现,对IRBAC2000访问控制模型进行扩展,针对R-R角色映射进行改进,增加了角色映射限制条件,提出了一种防止权限冲突的算法,并且在应用中采用了可扩展策略语言SAML和XACML时应用的访问控制策略进行描述.最后在已有的应用系统上对模型进行验证,表明了其实用性,并提出了下一步要解决的问题.
展开▼
