在不同的以角色為基礎的權限控管(Role-Based Access Control, RBAC)系統domain間,當使用者欲存取非本身domain系統的資源,他必須取得具有該資源domain的角色,而這必須透過角色對應(role mapping)來完成。但在某些情況下,使用者啟用角色或執行權限時,取決於使用者所處的時間或所在的位置,即情境限制。 在這篇論文,我們提出了在角色對應加上情境限制的方法。本篇論文使用加上情境限制的Context Role RBAC (CR-RBAC) 模型,經由角色對應後,當使用者滿足情境限制後才可啟動角色。
In a multi-domain RBAC system, when a user wants to access the resources of another domain, he/she must obtain a role from that domain. This is usually achieved via role mapping. But in some cases, the roles that a user can activate or the permissions that a user can perform will be determined by temporal or spatial constraints. In this thesis, we proposed to extend role mapping with context constraints. We used Context Role RBAC (CR-RBAC) Model to model context constraints. After the role mapping, a role cannot be activated unless the context constraints are also satisfied.