- 學位論文
以角色為基礎的權限控管系統間角色對應問題之研究與探討
A Study of Inter-Domain Role Mapping in Role-Based Access Control System
摘要
本篇論文探討以角色為基礎的權限控管系統(RBAC system)之間角色對應(role mapping)的問題。因為在RBAC中角色是屬於一個授權的中介者,必須透過角色才能取得權限,因此當使用者需要使用不同的RBAC domain的資源時,必須取得不同RBAC domain的角色,以便獲得相對的權限。所以角色對應的問題就在於處理RBAC domains之間的角色要如何對應才可以取得想要之權限。 我們提出一個角色對應的方法來解決不同RBAC domain之間角色對應的問題。我們採用權限要求(permission request)的概念來做為角色對應時的基礎,並且盡可能產生最少數目的暫時性角色(temporary role)來獲得不同RBAC domain中的權限。我們提出的方法可以確保在hybrid role hierarchy時角色對應的一致性,並且不會改變各個RBAC domain的原有role hierarchy。
並列摘要
In this thesis, we explored the role mapping problem between different RBAC systems. Because in an RBAC system, users obtain permissions through the assignment of roles, a user must be assigned a role from other RBAC domains to use the corresponding resources. Therefore one major problem in integrating RBAC domains was to map a role to other domains to obtain desired authorizations in other domains. We proposed a method for role mapping between different RBAC domains. We used permission request concept as basis for role mapping and attempted to produce the least number of temporary roles when acquiring the authorization from different RBAC domains. Our method can assure the consistency of role mapping in a hybrid role hierarchy without changing the role hierarchy in each RBAC domain.