Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A cross-domain access control system for realizing role and group mapping based on cross-domain authorization

A control system and access control technology, applied in the field of cross-domain access control systems, can solve problems such as complex role mapping work, inability to use cross-domain access control, and unsuitability for cross-domain access control

Inactive Publication Date: 2012-02-01
WUHAN UNIV OF TECH +1
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

First of all, the commonly used role mapping scheme is to directly perform role mapping between two authorized domains by the respective access control system of each authorized domain. When there are many authorized domains, this scheme will make the role mapping work complicated and not It is easy to maintain and expand. For example, if the security policy or role definition and role permissions of any authorized domain are changed, all related systems of the authorized domain must be adjusted or modified accordingly; secondly, the relevant technology is only suitable for RBAC's cross-domain access control is not suitable for ACL-based cross-domain access control (and ACL is currently the most widely used access control technology), let alone cross-domain access control between ACL-based domains and RBAC-based domains ; Secondly, the related technology usually needs to carry out relatively large modification to the existing access control system (especially the access control system based on ACL), or even reinvent the wheel, which is obviously not a satisfactory solution

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A cross-domain access control system for realizing role and group mapping based on cross-domain authorization
  • A cross-domain access control system for realizing role and group mapping based on cross-domain authorization
  • A cross-domain access control system for realizing role and group mapping based on cross-domain authorization

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0057] The present invention will be described in further detail below in conjunction with the accompanying drawings.

[0058] The overall structure of the cross-domain access control system of the present invention is as follows: figure 1 As shown, Domain A and Domain B in the figure represent different authorized domains. In each domain, one or more application systems provide external services, and the access control system implements resource access control for users, and the access control system is divided into There are two parts, the basic access control system and the cross-domain system, in which the authority and authorization policy management system S1, the authorization decision engine S2, and the authorization implementation module S3 constitute the basic access control system, while the cross-domain authorization intermediary system S5 and the cross-domain authorization information query module S4 constitutes a cross-domain system, and the cross-domain authoriz...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a cross-domain access control system for role implementation and group mapping on the basis of cross-domain authorization medium. The cross-domain access control system of the invention maintains one role and group mapping strategy table through one cross-domain authorization medium system, wherein, the strategy table is provided with a serials of mapping strategies, and one mapping strategy defines the mapping relationship of roles and groups from one authorization domain to another. When the users of one authorization domain access another authorization domain, the medium system of cross-domain authorization provides roles and groups in the target authorization domain to be accessed, corresponding to the roles and groups in the original authorization domain and on the basis of roles and groups strategy, leading user limit of authorization in one domain to be converted or correspondingly matched to another domain, thereby realizing cross-domain access control based on RBAC or ACL. The cross-domain access control system of the invention is not only suitable for the cross-domain access control based on RBAC and based on ACL, but also suitable for the cross-domain access control based on inter-domain of RBAC and ACL.

Description

technical field [0001] The invention belongs to the technical field of information security access control, in particular to a cross-domain access control system that realizes role and group mapping based on a cross-domain authorization intermediary. Background technique [0002] In order to protect various information system resources on the network, such as hosts, files, data, services, etc., it is necessary to implement authorization management (Authorization Management) and access control (Access Control) for these resources. Generally, the implementation of access control includes three functional parts: authority and authorization policy management, online authorization decision-making, and online authorization implementation. Privilege and Authorization Policy Management (Privilege and Authorization Policy Management), responsible for managing user rights and resource access control policies (Access Control Policy) or rules (in the present invention, authorization pol...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L9/32
Inventor 龙毅宏张海松唐志红林智鑫
Owner WUHAN UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products