访问控制是应用系统中的重要问题之一.传统的基于角色的访问控制(RBAC)方案需要预先定义和同步用户-角色赋值关系,这会带来管理成本和同步开销,并且限制了应用系统的灵活性和动态性.文章提出一种基于策略的动态角色分配模型(Policy-based Dynamic Role Assignment Model——PDRA),它无需同步用户就可以自定义角色,并通过策略匹配的方式实现动态分配.模型完全兼容RBAC,可以成为RBAC良好的扩展机制.文章给出了模型的定义和算法,评估了模型的性能,并在华东师范大学的数据治理平台中进行了应用,验证了该方案的可行性和有效性.
Policy-based Dynamic Role Assignment Model and Application
Access control is one of the important issues in application systems.Traditional role-based access control(RBAC)schemes require predefining and synchronizing user-role assignment relations,which bring management costs and synchronization overheads,and limit the flexibility and dynamism of application systems.This paper proposes a policy-based dynamic role assign-ment model(PDRA),which can customize roles without synchronizing users,and achieve dynamic assignment through policy matching.The model is fully compatible with RBAC and can be a good extension mechanism for RBAC.This paper gives the defini-tion and algorithm of the model,evaluates the performance of the model,and applies it in the data governance platform of East Chi-na Normal University,verifying the feasibility and effectiveness of the scheme.
国家科技期刊平台
NSTL
万方数据
