共查询到20条相似文献,搜索用时 62 毫秒
1.
To meet the authorization administration requirements in a distributed computer network environment, this paper extends the role-based access control model with multiple application dimensions and establishes a new access control model ED-RBAC(Extended Role Based Access Control Model) for the distributed environment. We propose an extendable hierarchical authorization assignment framework and design effective role-registering, role-applying and role-assigning protocol with symmetric and asymmetric cryptographic systems. The model can be used to simplify authorization administration in a distributed environment with multiple applications. 相似文献
2.
HONGFan ZHUXian XINGGuanglin 《地球空间信息科学学报》2005,8(2):138-143
Access control in multi-domain environments is one of the important questions of building coalition between domains. On the basis of RBAC access control model, the concepts of role delegation and role mapping are proposed, which support the third-party authorization. Then, a distributed RBAC model is presented. Finally the implementation issues are discussed. 相似文献
3.
Access control in multi-domain environments is one of the important questions of building coalition between domains. On the basis of RBAC access control model, the concepts of role delegation and role mapping are proposed, which support the third-party authorization. Then, a distributed RBAC model is presented. Finally the implementation issues are discussed. 相似文献
4.
GIS门户用于整合各种来源的GIS服务,并为用户提供统一的GIS服务访问入口.访问控制是GIS门户建设的重要技术基础,现有方法是通过授权机制,授予用户相应GIS服务的访问权限.由于不隐藏原始服务地址,即使用户被取消授权,但因其已获取过原始服务地址,依然可绕过GIS门户访问相应的GIS服务,GIS门户无法对已注册GIS服务的访问情况进行控制.通过代理技术可以有效地隐藏原始服务地址,但由于GIS门户的特殊性,使用现有的代理服务器不仅配置复杂,而且要与GIS门户的授权机制相结合,实现难度大.为解决以上问题,本文基于代理技术的思路,自主研发实现了一种多源GIS服务访问控制方法,采用对注册GIS服务的原始服务地址的隐藏机制,以及建立与之对应的代理服务地址的映射关系,使得被授权用户只能访问代理服务地址,进而实现GIS门户中对注册GIS服务的访问控制.基于此设计实现的SuperMap iPortal注册服务访问控制模块,支持对注册的多源GIS服务进行代理,提供统一的代理服务根地址,方便对多源GIS服务进行统一使用、管理和维护. 相似文献
5.
6.
《International Journal of Digital Earth》2013,6(3):275-289
Abstract In recent years, geographical information systems have been employed in a wide variety of application domains, and as a result many research efforts are being devoted to those upcoming problems. Geospatial data security, especially access control, has attracted increased research interests within the academic community. The tendency towards sharing and interoperability of geospatial data and applications makes it common to acquire and integrate geospatial data from multiple organisations to accomplish a complex task. Meanwhile, many organisations have the requirement for securing access to possessed sensitive or proprietary geospatial data. In this heterogeneous and distributed environment, consistent access control functionality is crucial to promote controlled accessibility. As an extension of general access control mechanisms in the IT domain, the mechanism for geospatial data access control has its own requirements and characteristics of granularity and geospatial logic. In this paper, we address several fundamental aspects concerning the design and implementation of an access control system for geospatial data, including the classification, requirements, authorisation models, storage structures and management approaches for authorisation rules, matching and decision-making algorithms between authorisation rules and access requests, and its policy enforcement mechanisms. This paper also presents a system framework for realising access control functionality for geospatial data, and explain access control procedures in detail. 相似文献
7.
8.
Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed “virtual organizations”. The heterogeneous, dynamic and multi-domain nature of these environments makes challenging security issues that demand new technical approaches. Despite the recent advances in access control approaches applicable to Grid computing, there remain issues that impede the development of effective access control models for Grid applications. Among them there are the lack of context-based models for access control, and reliance on identity or capability-based access control schemes. An access control scheme that resolve these issues is presented, and a dynamically authorized role-based access control (D-RBAC) model extending the RBAC with context constraints is proposed. The D-RABC mechanisms dynamically grant permissions to users based on a set of contextual information collected from the system and user's environments, while retaining the advantages of RBAC model. The implementation architecture of D-RBAC for the Grid aplication is also described. 相似文献
9.
YAO Hanbing HU Heping LU Zhengding LI Ruixuan 《地球空间信息科学学报》2006,9(3):223-228
IntroductionThe Grid security infrastructure ( GSI) hasbeen accepted as the pri mary authenticationmechanismfor the Grid computing. GSI devel-oped as part of the Globus project defines singlesign-on algorithms and protocols , cross-domainauthentication pr… 相似文献
10.
Specific features of tile access patterns can be applied in a cache replacement strategy to a limited distributed high-speed cache for the cloud-based networked geographic information services (NGISs), aiming to adapt to changes in the access distribution of hotspots. By taking advantage of the spatiotemporal locality, the sequential features in tile access patterns, and the cache reading performance in the burst mode, this article proposes a tile sequence replacement method, which involves structuring a Least Recently Used (LRU) stack into three portions for the different functions in cache replacement and deriving an expression for the temporal locality and popularity of the relevant tile to facilitate the replacement process. Based on the spatial characteristics of both the tiles and the cache burst mode with regard to reading data, the proposed method generates multiple tile sequences to reflect spatiotemporal locality in tile access patterns. Then, we measure the caching value by a technique based on a weighted-based method. This technique draws on the recent access popularity and low caching costs of tile sequences, with the aim of balancing the temporal and spatial localities in tile access. It ranks tile sequences in a replacement queue to adapt to the changes in accessed hotspots while reducing the replacement frequency. Experimental results show that the proposed method effectively improves the hit rate and utilization rate for a limited distributed cache while achieving satisfactory response performance and high throughput for users in an NGIS. Therefore, it can be adapted to handle numerous data access requests in NGISs in a cloud-based environment. 相似文献
11.
12.
基于对象存储的分布式GIS数据安全机制 总被引:2,自引:0,他引:2
根据OSD-2标准,提出一种安全机制来保证基于对象存储的分布式GIS空间数据的安全。在本安全机制中,采用的安全模型是基于信任状的访问控制系统,主要由OSD设备、安全管理器、策略/存储管理器和GIS服务器组成。该安全机制主要包含3个协议:GIS服务器-安全管理器协议、安全管理器-OSD设备协议和GIS服务器-OSD设备协议。命令的传输和数据的访问都要进行认证。这3个协议有效预防了各种网络攻击手段的攻击,保证了分布式GIS空间数据的安全共享。 相似文献
13.
基于GIS的水利数据中心建设研究 总被引:1,自引:0,他引:1
水利信息化整合所涉及的数据覆盖面广,包括水文、气象、地质、地理空间甚至交通等多方面数据内容,且大多数据异地存放,结构关系复杂,标准化程度不足.有的存在语义冲突,有的则难以集中存放,在异构性、完整性、语义冲突、权限安全、标准性、扩展性、访问方式等多方面存在问题.基于以上问题,本文采用数据集成方式把异构的、分布式的水利行业相关数据通过物理迁移或者逻辑迁移方式汇集.以空间数据为框架,通过统一的数据模型设计和对象编码体系,构建一个物理集中与逻辑映射相结合的一致性的数据库群,并提供数据管理、数据交换和数据更新的软件系统,对数据中心的数据资源进行管理和维护,从而有效地提高对业务应用的支撑能力,提升快速应对能力,便于决策支持,实现科学、高效、有序的应对体系和资源共享模式. 相似文献
14.
基于SMCS的多源空间数据集成应用 总被引:1,自引:0,他引:1
为解决多源空间数据特别是不同参考基准数据实时集成困难的问题,通过分析空间元数据间关系,定义并利用元数据知识来实现空间元数据的动态聚合和目录服务SMCS的构建。实验结果表明顾及空间关系的SMCS提高了对空间信息的动态获取、处理和发布的能力和效率,为网格环境下多源数据的高效集成应用服务提供技术支持。 相似文献
15.
根据信息系统内外网络业务数据交换的需要,本文提出一种基于主动数据交换的安全外联接入平台。安全外联接入平台不但具有安全的网络物理隔离功能,而且能提供一系列安全服务认证、授权、安全审计、入侵检测和病毒防范等。 相似文献
16.
17.
18.
近年来,SOLAP技术已逐渐应用于遥感多维分析研究领域,但其计算性能仍面临大规模数据的挑战。本文借鉴数据密集型计算模式Map-Reduce在OLAP领域的相关应用研究,提出一种基于该模式扩展的遥感数据SOLAP立方体模型。在数据分级分块基础上,对现有模型在分布式环境下进行了适应性改进,并在Map-Reduce支持下,通过引入多维地图代数将该模型中的SOLAP计算转化为基于栅格块粒度的并行地图代数操作。以遥感旱情应用为例阐述了模型的构建与应用过程,并实现了原型。实验结果证明了该模型在大规模数据处理情况下具有较好加速性能与可扩展性。 相似文献
19.
《International Journal of Digital Earth》2013,6(5):373-390
Security has recently become a major concern in distributed geo-infrastructures for spatial data provision. Thus, a lightweight approach for securing distributed low-power environments such as geo-sensor networks is needed. The first part of this article presents a survey of current security mechanisms for authentication and authorisation. Based on this survey, a lightweight and scalable token-based security infrastructure was developed, which is tailored for use in distributed geo-web service infrastructures. The developed security framework comprises dedicated components for authentication, rule-based authorisation and optimised storage and administration of access rules. For validation purposes, a prototypical implementation of the approach has been created. 相似文献
20.
KING GEORGE ISLAND SPATIAL DATA MODEL 总被引:2,自引:0,他引:2
CHEN Nengcheng GONG Jianya 《地球空间信息科学学报》2001,4(2):63-69
1 IntroductionSpatialdistributionisthenaturalfeatureofgeo graphicinformation .Inthepastyears,duetolimi tationoftechnology ,communicationandhardware ,spatialdatacapturedfromdifferentregionhastobesaved ,managedandprocessedinthecentralplace .Asaresult ,spatiald… 相似文献