Access rights are determined based on the user′s role in role-based access control(RBAC),which pre-vents unauthorized users from accessing information resources.Although there are many different types of expan-sion RBAC currently,there is no universal model to define different types of constraints.In this paper,the model-driven engineering approach,based on the Unified Modeling Language(UML)and the Object Constraint Language (OCL),is used to construct a universal RBAC model to meet different constraints access control,referred to as Uni-RBAC.The model is defined on the different entities with OCL constraints to meet the requirements of various types of authorization,thus providing a good model for access control of a system not only in the design state but al-so in the run-time state.%基于角色的访问控制(Role-Based Access Control,RBAC)是根据用户角色确定访问权限,防止未经授权的用户访问信息资源。目前。尽管有许多不同类型的扩展RBAC,但是,没有一个通用的模型来定义不同类型的约束。本文基于统一建模语言(Unified Modeling Language,UML)和对象约束语言(Object Constraint Language,OCL),采用模型驱动的工程方法,构建了一个通用的满足不同约束访问控制的RBAC模型,简称Uni-RBAC.该模型通过在不同实体上定义OCL约束,来满足多种类型的授权要求,为系统在设计态和运行态的访问控制要求提供了良好的模型支撑。
展开▼