The RBAC Model Integrated with Policy in Grid Environment  

作　　者：CHEN Jiangang WANG Ruchuan WANG Haiyan 

机构地区：[1]Institute of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210003, China [2]State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093, China

出　　处：《Chinese Journal of Electronics》2006年第4期588-592,共5页电子学报（英文版）

基　　金：The work is supported by the National Natural Science Foundation of China （No.60573141, 70271050）; National 863 High Technology Research Program of China （No.2005AA775050）; the Natural Science Foundation of Jiangsu Province （BK2005146） and the pre-research project funded by Natural Science Foundation of Jiangsu Province （BK2004218）, High Technology Research Programme of Jiangsu Province （No.BG2004004, BG2005037） and Key Laboratory of Information Technology Processing of Jiangsu Province. （kjs05001） and by Jiangsu Provincial Research Scheme of Natural Science for Higher Education Institutions （05KJB520092）.

摘　　要：The grid infrastructure presents challenges for providing dynamic authorization and access control to protect grid resource due to its inherent heterogeneity, multi-domain characteristic and highly dynamic nature. To address the challenge, the Role based access control （RBAC） integrated with the set of policies （including preconditions and contexts） is proposed and expressed formally. The element states of RBAC are introduced and divided. The elements of the sets of preconditions and contexts are expressed in XML separately. The model complements current access control mechanisms to grant permissions to users based on their credential level and the corresponding precondition at the stage of starting session, and to dynamically adjust permissions to users based on activated context at the stage of executing session. The granted permissions result to a subset of roles being granted to the user according to the process of assigned_roles（u,p） which leads to the sets of roles and permissions classified into three subsets. When some context is activated, the transition of permission states results to the transition of role states among the three subsets to avoid the mutual exclusive roles activated simultaneously. Likewise, the session state is adjusted to remain the system consistency. The model complements the fine-grained access control for grid environment.

关 键 词：Grid computing Role based access control （RBAC） POLICY Consistency. 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]