摘要
从基于角色的访问控制(RBAC)模型在面对当前多级、多部门、分布式复杂电子政务系统时所体现出的处理能力上的不足入手,通过深入分析组织、组织结构和岗位三者的概念和内涵以及组织在电子政务系统的权限管理和访问控制工作中所具有的核心地位,引入基于组织的访问控制方法,并基于此构建其实现模型——OB4LAC模型。通过对OB4LAC模型的具体分析,给出其组成成员、形式化描述、子模型UPA、PORA、PERA和RRA各自的运行和管理方式,以及在进行组织间访问操作和业务协作时的处理流程,并进一步结合电子政务系统的实际应用案例,对OB4LAC模型的优势和适用性进行了分析和阐述。
With the emergency of multi-level,complex and distributed e-government systems,the traditional role-based access control(RBAC)model becomes weaker and incompetent.However,the extension of RBAC model mainly focused on building a suitable hierarchy of roles,although useful,it still has many problems.Through the analysis of the organization of government and its work flows,we believe that the underlying reasons for the problems are the conflicts in working patterns between RBAC model and the real world.We thus propose a new access control theory,namely,Organization Based Access Control Theory and its implementation model-OB4LAC model.OB4LAC model adopts the right management based on the organization,puts each department in the organization into great play,and finally make the entire organization achieve the best working condition.We analyze the members,formal description and sub-models UPA,PORA and PERA of OB4LAC model,and give the procedures in access control and operation collaboration among organizations.Application tests in many complex e-government application systems show that OB4LAC model is rather successful.
出处
《系统管理学报》
CSSCI
2014年第4期481-488,共8页
Journal of Systems & Management
基金
国家自然科学基金重点攻关项目(91024029
71001013)
中国博士后面上资助项目(2013M540273)
关键词
基于组织的访问控制方法
基于组织的四层访问控制模型
访问控制
权限管理
信息安全
organization-based access control method
organization-based 4levels access control model
access control
authorization management
information security
