CAJ | 학술논문

转授权技术能解决分布式环境下的用户授权问题,但在多步转授过程中可能引发循环授权和权限扩散.研究任务一角色访问控制(TRBAC)模型,提出基于授权步数和角色差度的工作流转授权(DR-TRBAC)模型,根据同一任务的转授关系构建转授权树,通过限定授权步数和遍历转授权树解决循环授权问题,设置转授用户间最大角色差度防止权限的扩散.应用实例证明了DR-TRBAC模型的实用性.
전수권기술능해결분포식배경하적용호수권문제,단재다보전수과정중가능인발순배수권화권한확산.연구임무일각색방문공제(TRBAC)모형,제출기우수권보수화각색차도적공작류전수권(DR-TRBAC)모형,근거동일임무적전수관계구건전수권수,통과한정수권보수화편력전수권수해결순배수권문제,설치전수용호간최대각색차도방지권한적확산.응용실예증명료DR-TRBAC모형적실용성.
The delegation technology can solve the authorization problem of users in distributed environment, which makes the permission management flexible. However, it is possible to cause the issues of cycle authorization and permission diffusion in the process of multi-step delegation. On the basis of T-RBAC, the paper proposes a DR-TRBAC model based on delegation depth and role range. It creates delegation tree according to delegation relationship of one task. The cycle authorization problem is solved by limiting delegation depth. The permission diffusion is controlled by setting the maximum of role range between users. The feasibility of DR-TRBAC is proved through an application.