CMS中RBAC模型的改造和应用

针对内容管理系统(CMS)中内容、权限和用户数量规模大的特点,采用形式化方法定义了改造后的基于角色的权限模型--RBAC0.5.对照RBAC96定义的4个模型,RBAC0.5是一个介于RBAC0和RBAC1之间的新模型.它覆盖了RBAC0,将RBAC1中的角色层次关系改造为通过用户组关联的映射关系,从而获取以关系型数据库为后台的集合操作能力.并且,为了有效组织CMS中的内容,形式化定义了内容分区和层次分类,在此基础上定义了层次化的权限集合,从而支持多层粒度上的访问控制.基于上述模型, 给出CMS中基于短路操作、垃圾收集以及缓存技术的实现访问控制的优化算法.

Modified RBAC model and its application on content management system

Focusing on the large scale characteristic of content, users and permissions in content management system (CMS), a modified role based access control(RBAC) model, RBAC0.5, is formally defined. In contrast with the four models defined by RBAC96, the RBAC0.5 is formed as a new model between the basic model (RBAC0) and the enhanced model (RBAC1). It covers RBAC0 and alters the hierarchical relations among roles in RBAC1 to flat mapping by introducing the middle layer--user group. By using RBAC0.5, set operation can be performed with the relational database back-end. In addition, the partition and hierarchy category are formally defined for the arrangement of content in CMS by their media type and their semantic. Based on those definitions, the multi-layer permission sets are defined on partitions and categories for the multi-grained access control. According to such models, the implementation of the access control in the CMS uses short circulating operation, garbage collection and caching technology for performance optimization. Pseudo codes of the algorithms are also given.