Journal of Computer Applications (计算机应用) ›› 2010, Vol. 30 ›› Issue (10): 2632-2635.

• Network and Communication •

Attribute-based universal access control framework in open network environment (开放网络环境中基于属性的通用访问控制框架)

Zhong Jiang (钟将), Hou Sujuan (侯素娟)

  1. Chongqing University
  • Received: 2010-04-26  Revised: 2010-05-18  Online: 2010-09-21  Published: 2010-10-01
  • Corresponding author: Zhong Jiang
  • Funding:
    National Key Technology R&D Program of China (国家科技支撑计划项目)

Abstract: Traditional access control models show limitations when applied in the new-generation trusted Internet environment, among them inefficient user-role assignment and the difficulty of implementing cross-domain access control. To address these, a universal attribute-based access control framework is proposed. The framework describes and processes the attributes of four kinds of objects, namely users, resources, operations and running context, in a unified way; this simplifies the complex permission-determination procedure of traditional RBAC and other access control models and thereby improves the generality and flexibility of the access control system. For cross-domain access, verification based on attribute certificates is applied, and a corresponding policy evaluation scheme and evaluation algorithm are given, so that resource management and access control can be enforced dynamically according to the access requirements of users from different application domains. In addition, the running-context object mechanism introduced in the framework further improves its adaptability to complex and dynamic Internet environments.

Key words: open network environment, access control, attribute, running context, rule
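The framework's four attribute categories, rule-based policy evaluation, and attribute-certificate verification for users arriving from another domain, as an added example in Python; it is not the paper's own code, and the paper's evaluation algorithm is not given on this page. It assumes rules written as conditions of the form (category, attribute, operator, expected value), a deny-overrides combining strategy, and attribute certificates authenticated with a per-domain HMAC key as a self-contained stand-in for signed attribute certificates; the domains, keys, policy, users and requests are constructed sample data.

```python
# Illustrative ABAC decision point (constructed example, not the paper's code):
# attributes of user, resource, operation and running context, rule evaluation,
# and attribute certificates for users who arrive from another domain.
import hashlib
import hmac
import json
import operator

# ASSUMPTION: each issuing domain shares a symmetric key with the evaluating
# domain; a real deployment would use signed X.509 attribute certificates.
DOMAIN_KEYS = {"domainA": b"constructed-key-A", "domainB": b"constructed-key-B"}
OPERATORS = {"eq": operator.eq, "in": lambda value, allowed: value in allowed}


def _tag(issuer, body):
    """HMAC over the canonical JSON encoding of a certificate body."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(DOMAIN_KEYS[issuer], payload, hashlib.sha256).hexdigest()


def issue_certificate(issuer, subject, attrs, not_after):
    """The issuing domain binds user attributes to a subject and an expiry time."""
    body = {"issuer": issuer, "subject": subject, "attrs": attrs, "not_after": not_after}
    return {"body": body, "tag": _tag(issuer, body)}


def verify_certificate(cert, now, trusted):
    """User attributes if the certificate is authentic, from a trusted issuer and
    unexpired at `now`; otherwise None."""
    body = cert["body"]
    issuer = body["issuer"]
    if issuer not in trusted or issuer not in DOMAIN_KEYS:
        return None
    if not hmac.compare_digest(_tag(issuer, body), cert["tag"]):
        return None
    if now > body["not_after"]:
        return None
    # The issuing domain becomes a user attribute the policy can reason about.
    return dict(body["attrs"], id=body["subject"], domain=issuer)


def rule_matches(rule, request):
    """Every (category, attribute, operator, expected) condition must hold;
    a missing attribute never satisfies a condition."""
    for category, attr, op, expected in rule["conditions"]:
        actual = request.get(category, {}).get(attr)
        if actual is None or not OPERATORS[op](actual, expected):
            return False
    return True


def evaluate(policy, request):
    """Deny-overrides: a matching deny wins, else a matching permit, else deny."""
    decision = "deny"
    for rule in policy:
        if rule_matches(rule, request):
            if rule["effect"] == "deny":
                return "deny"
            decision = "permit"
    return decision


def decide(policy, cert, resource, operation, context, trusted):
    """Authenticate the user's attributes, then evaluate the policy over all four
    attribute categories."""
    user = verify_certificate(cert, context["time"], trusted)
    if user is None:
        return "deny"
    return evaluate(policy, {"user": user, "resource": resource,
                             "operation": operation, "context": context})


POLICY = [  # constructed sample policy
    # Researchers and admins may read datasets, but only from the campus network.
    {"effect": "permit", "conditions": [("user", "role", "in", {"researcher", "admin"}),
                                        ("resource", "type", "eq", "dataset"),
                                        ("operation", "name", "eq", "read"),
                                        ("context", "network", "eq", "campus")]},
    # Admins may read or write from any network.
    {"effect": "permit", "conditions": [("user", "role", "eq", "admin"),
                                        ("operation", "name", "in", {"read", "write"})]},
    # Users certified by the foreign domain never write, whatever their role.
    {"effect": "deny", "conditions": [("user", "domain", "eq", "domainB"),
                                      ("operation", "name", "eq", "write")]},
]
TRUSTED = {"domainA", "domainB"}
NOW = 1_700_000_000  # constructed evaluation time (Unix seconds)


def run_demo():
    """Decisions for a handful of constructed requests."""
    dataset, read, write = {"type": "dataset"}, {"name": "read"}, {"name": "write"}
    campus = {"time": NOW, "network": "campus"}
    public = {"time": NOW, "network": "public"}
    alice = issue_certificate("domainA", "alice", {"role": "researcher"}, NOW + 3600)
    bob = issue_certificate("domainB", "bob", {"role": "admin"}, NOW + 3600)
    forged = issue_certificate("domainA", "mallory", {"role": "researcher"}, NOW + 3600)
    forged["body"]["attrs"]["role"] = "admin"  # tampered after issuance
    expired = issue_certificate("domainA", "carol", {"role": "admin"}, NOW - 1)
    return {
        "alice_read_campus": decide(POLICY, alice, dataset, read, campus, TRUSTED),
        "alice_read_public": decide(POLICY, alice, dataset, read, public, TRUSTED),
        "bob_read_public": decide(POLICY, bob, dataset, read, public, TRUSTED),
        "bob_write": decide(POLICY, bob, dataset, write, campus, TRUSTED),
        "forged": decide(POLICY, forged, dataset, write, campus, TRUSTED),
        "expired": decide(POLICY, expired, dataset, read, campus, TRUSTED),
        "untrusted_issuer": decide(POLICY, bob, dataset, read, campus, {"domainA"}),
    }
```

Two points in the decision logic are worth noticing. An attribute absent from the request never satisfies a condition, so an unexpected request falls through to the default deny instead of matching a rule by accident. And certificate expiry is checked against the running context's time rather than the evaluator's clock, so the same request and context always yield the same decision; with the constructed policy above, `run_demo()` permits only the campus read by the local researcher and the read by the foreign admin, and denies everything else.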
