Found 18 similar documents; search took 156 ms
1.
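This paper analyzes the complexity of surveying and mapping data in the development and application of surveying and mapping systems, and the fact that most such systems include business workflows. On that basis, in addition to the role authorization of the RBAC model, it adds task-based authorization of operations, effectively extending the RBAC model and making it more general. The method effectively resolves the drawbacks of the traditional RBAC model in surveying and mapping system applications, and also offers theoretical guidance for building other application systems.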
2.
3.
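Research on a Permission Management Model for Surveying and Mapping Application Systems (Total citations: 1; self-citations: 1; citations by others: 0)
Surveying and mapping data security, and permission control in particular, has become an indispensable part of surveying and mapping applications. To address the problems of the traditional RBAC model, this paper introduces "user groups" as an improvement: in addition to the role authorization of the RBAC model, user groups are added to authorize access to data resources, so that a user's permissions become the sum of the functional permissions of the user's roles and the resource permissions of the user's department. The improved hybrid-authorization extended model (E-RBAC) not only effectively solves the problems that dynamic changes in role definitions, user duties, functions and resources cause for permission management, but also increases the flexibility and maintainability of user authorization, and it has been applied in an actual project.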
4.
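Design and Implementation of the Permission Model for the Resource and Environment Remote Sensing Project Results Information Service System (Total citations: 1; self-citations: 0; citations by others: 1)
Building on Windows 2003 Server Active Directory technology and the ideas of traditional role-based access control (Role Based Access Control, RBAC), an Active Directory based role access control (Active Directory Based Role Access Control, ADBRAC) model is proposed. In permission management and in the policies that implement system security, the model abstracts subjects, objects and operations simultaneously and introduces the concepts of user groups, views and actions, achieving fine-grained permission definition and functional permission management and reducing management complexity. The model has been implemented in the development of the information service system for resource and environment remote sensing project results. Practice shows that the model is simple and practical, secure and stable, and has greater generality and ability to represent the real world.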
5.
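This paper proposes a framework called SMARXO, which uses RBAC (role-based access control), XML and an object-oriented database to address security in multimedia applications. Compared with other existing security models or projects, SMARXO can handle more complex environments. First, image object-level security and video scene/low-level security can be implemented easily. Second, a model with time constraints and IP address constraints is designed for access control purposes. Finally, XML queries can be executed, so that, for example, administrators can retrieve useful information through security roles and policies.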
6.
7.
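To meet the permission management needs of a GIS-based administrative boundary information management system, role-based access control (RBAC) technology is introduced and a role-based user permission management scheme is proposed.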
8.
9.
10.
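To meet the complex permission management needs of agricultural economy management departments at all levels in Zhejiang Province in the rural land contract management rights management system, multi-dimensional dynamic business permission management backed by the Apache Shiro security framework was implemented on the basis of the RBAC model. The model provides fine-grained control along the role, department, spatial and temporal dimensions over four aspects of a user's permissions respectively: resource menus, workflows, data operation space and data history backtracking. Operation in the Zhejiang Province rural land contract management information system shows that the designed business permission system can meet the permission requirements of provincial, municipal and county agricultural economy management departments in the management system.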
11.
To meet the authorization administration requirements in a distributed computer network environment, this paper extends the role-based access control model with multiple application dimensions and establishes a new access control model, ED-RBAC (Extended Role Based Access Control Model), for the distributed environment. We propose an extendable hierarchical authorization assignment framework and design effective role-registering, role-applying and role-assigning protocols with symmetric and asymmetric cryptographic systems. The model can be used to simplify authorization administration in a distributed environment with multiple applications.
12.
DUAN Sujuan, HONG Fan, LI Xinhua. Geo-spatial Information Science, 2004, 7(4): 303-307
To meet the authorization administration requirements in a distributed computer network environment, this paper extends the role-based access control model with multiple application dimensions and establishes a new access control model, ED-RBAC (Extended Role Based Access Control Model), for the distributed environment. We propose an extendable hierarchical authorization assignment framework and design effective role-registering, role-applying and role-assigning protocols with symmetric and asymmetric cryptographic systems. The model can be used to simplify authorization administration in a distributed environment with multiple applications.
13.
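A Security Mechanism for Distributed GIS Data Based on Object Storage (Total citations: 2; self-citations: 0; citations by others: 2)
Based on the OSD-2 standard, a security mechanism is proposed to protect distributed GIS spatial data based on object storage. The security model adopted in this mechanism is a credential-based access control system, consisting mainly of OSD devices, a security manager, a policy/storage manager and GIS servers. The mechanism mainly comprises three protocols: the GIS server-security manager protocol, the security manager-OSD device protocol and the GIS server-OSD device protocol. Both command transmission and data access must be authenticated. These three protocols effectively guard against various network attack techniques and ensure the secure sharing of distributed GIS spatial data.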
14.
Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations". The heterogeneous, dynamic and multi-domain nature of these environments raises challenging security issues that demand new technical approaches. Despite the recent advances in access control approaches applicable to Grid computing, there remain issues that impede the development of effective access control models for Grid applications. Among them are the lack of context-based models for access control, and reliance on identity or capability-based access control schemes. An access control scheme that resolves these issues is presented, and a dynamically authorized role-based access control (D-RBAC) model extending RBAC with context constraints is proposed. The D-RBAC mechanisms dynamically grant permissions to users based on a set of contextual information collected from the system and the user's environments, while retaining the advantages of the RBAC model. The implementation architecture of D-RBAC for the Grid application is also described.
15.
YAO Hanbing, HU Heping, LU Zhengding, LI Ruixuan. Geo-spatial Information Science, 2006, 9(3): 223-228
Introduction: The Grid security infrastructure (GSI) has been accepted as the primary authentication mechanism for Grid computing. GSI, developed as part of the Globus project, defines single sign-on algorithms and protocols, cross-domain authentication pr…
16.
《International Journal of Digital Earth》2013,6(3):275-289
Abstract: In recent years, geographical information systems have been employed in a wide variety of application domains, and as a result many research efforts are being devoted to the problems that arise. Geospatial data security, especially access control, has attracted increased research interest within the academic community. The tendency towards sharing and interoperability of geospatial data and applications makes it common to acquire and integrate geospatial data from multiple organisations to accomplish a complex task. Meanwhile, many organisations need to secure access to the sensitive or proprietary geospatial data they possess. In this heterogeneous and distributed environment, consistent access control functionality is crucial to promote controlled accessibility. As an extension of general access control mechanisms in the IT domain, the mechanism for geospatial data access control has its own requirements and characteristics of granularity and geospatial logic. In this paper, we address several fundamental aspects concerning the design and implementation of an access control system for geospatial data, including the classification, requirements, authorisation models, storage structures and management approaches for authorisation rules, matching and decision-making algorithms between authorisation rules and access requests, and its policy enforcement mechanisms. This paper also presents a system framework for realising access control functionality for geospatial data, and explains access control procedures in detail.
17.
18.
Access control in multi-domain environments is one of the important questions in building coalitions between domains. On the basis of the RBAC access control model, the concepts of role delegation and role mapping are proposed, which support third-party authorization. Then, a distributed RBAC model is presented. Finally, the implementation issues are discussed.