论文信息 - A Uniform Model for Authorization and Access Control in Enterprise Information Platform

A Uniform Model for Authorization and Access Control in Enterprise Information Platform

Enterprise information platform (EIP) is an enterprise model-based platform, aiming at model-driven enterprise design, analysis and evaluation. Its one role is to build up a framework for the easy integration of different systems representing the processes, structures, activities, goals and information, etc of businesses, governments or other enterprises. The topic of this paper is not data integration or application integration of EIP, but integration of authorization. This paper focuses on integration of authorizations of workflow management system and resource management system of EIP. Workflow management and resource management of current EIPs usually have their own models of authorization and access control. This type of separate authorization and access control mechanism causes many security problems. Previous studies focus on each authorization system individually, but the integration of them has hardly been deeply discussed. Here the paper presents a unified authorization and access control model, so as to represent the privileges authorized by different systems in the same format, and to avoid conflicts and other security problems as the consequence.

Songlin Hu | Dongdong Li | Shuo Bai

[1] Gail-Joon Ahn,et al. The rcl 2000 language for specifying role-based authorization constraints , 2000 .

[2] Sabrina De Capitani di Vimercati,et al. A modular approach to composing access control policies , 2000, CCS.

[3] Victoria Ungureanu,et al. Unified Support for Heterogeneous Security Policies in Distributed Systems , 1998, USENIX Security Symposium.

[4] Shengli Wu,et al. Authorization and Access Control of Application Data in Workflow Systems , 2004, Journal of Intelligent Information Systems.

[5] Silvana Castano,et al. Managing Workflow Authorization Constraints through Active Database Technology , 2001, Inf. Syst. Frontiers.

[6] Simon S. Lam,et al. Authorizations in Distributed Systems: A New Approach , 1993, J. Comput. Secur..

[7] Sushil Jajodia,et al. An authorization model for a public key management service , 2001, TSEC.

[8] Elisa Bertino,et al. The specification and enforcement of authorization constraints in workflow management systems , 1999, TSEC.

[9] Sushil Jajodia,et al. Flexible support for multiple access control policies , 2001, TODS.

[10] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[11] Elisa Bertino,et al. Administration Policies in a Multipolicy Autorization System , 1997, DBSec.

[12] Joan Feigenbaum,et al. Compliance Checking in the PolicyMaker Trust Management System , 1998, Financial Cryptography.