针对传统跨域授权管理模型角色设置方法单一,以及有可能出现隐蔽提升、职责分离冲突等问题,提出一种基于双层角色结构的跨域授权管理模型.通过在管理域内设置双层角色,使得角色的设置与管理更加符合现实需求;采用单向角色映射的方式杜绝映射环路;引入属性、条件等动态因素,实现了权限的动态调整.采用动态描述逻辑刻画了模型中的概念、关系及管理动作.对模型的安全性分析表明,该模型满足自治性和安全性原则.%With regard to the singleness of the role establishment method in the traditional cross-domain authorization management models,and the problems such as implicit promotion of privilege and the separation of duties conflict,a new cross-domain authorization management model based on two-tier role mapping was proposed.The two-tier role architecture met the practical needs of role establishment and management.On this basis,unidirectional role mapping can avoid the role mapping rings.By introducing attribute and condition,dynamic adjustment of permissions was realized.The model was formalized by dynamic description logic,including concepts,relations and management actions.In the end,the security of the model was analyzed.
展开▼
