企业门户中基于令牌的角色访问控制模型

企业门户中用户和访问权限管理的研究是一项复杂且具挑战性的工作.传统的基于角色的访问控制模型(RBAC,Role-Based Access Control)在实现上通常受单一系统和应用的约束,因此提出了一种基于令牌的角色访问控制模型(TRBAC,Token Role-Based Access Control)．该模型采用门户平台下的单点登录(SSO,Single Sign On)技术,将RBAC模型与令牌访问机制相结合,使角色能跨越门户平台下所有的Web应用．该模型是一个动态激活的模型,根据用户实际的访问需求动态激活相应角色,为用户管理和访问控制管理提供了一个新的解决方案．TRBAC模型具有统一的用户安全管理标准,支持集中审核和控制．实践表明,采用TRBAC 模型提高了系统的访问效率,保证了系统的安全性．

New model for token role-based access control on enterprise portal

Manage users and access rights are a complex and challengeable job in enterprise portal.Importing the role concept may simplify the access control,but its implementation is usually constrained by the single system and application.A new model,TRBAC(token role-based access control),was proposed for RBAC(role-based access control)on enterprise portal,which integrated the SSO(single sign on) technology and combined the RBAC model with token access mechanism.The role could span all web systems in portal.It was a token-based and dynamic-activated access control model,which could dynamically adjust the access rights according to user access requirement.It solved the problems on user management and access control management,and supported the corporate security standards,central auditing and control.The practice indicates that TRBAC improves the system efficiency and ensures the security.