Abstract
This paper analyses the characteristics of access control in grid environments and presents a PKI-based distributed RBAC model (G-RBAC). The model implements authorization across trust domains in grid access control, and uses authorization certificates with variable attribute values so that the system can dynamically grant users different permissions according to their current logon environment. The paper gives a formal description of G-RBAC, a classification of roles, and the access validation algorithm. Finally, an example illustrates the concrete process of accessing grid resources under G-RBAC.
Source
Computer Engineering (《计算机工程》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2006, Issue 6, pp. 163-166 (4 pages)
Funding
Supported by the National "863" Program (2003AA4Z3210, 2003AA413031)