计算机工程与应用
COMPUTER ENGINEERING AND APPLICATIONS
2014
Issue 23
pp. 100-103, 107
5 pages
曾世强%叶春晓%余一丰
workflow%task%access control%attribute constraint%attribute expression
To address the problem that, in a workflow environment, users who lack the required qualifications and abilities may obtain tasks, and thereby access rights, through the roles they hold, this paper proposes applying attribute constraints before task assignment. Users and tasks both have attributes and corresponding attribute expressions: user attributes reflect the qualifications and abilities a user possesses, and task attributes reflect the qualifications and abilities a task requires of its users. The system authorizes a task to a user only when the corresponding attribute expressions satisfy the policy rules. Case analysis shows that this approach prevents users who lack the required qualifications and abilities from obtaining task permissions, eliminating the security risk and achieving more fine-grained access control.