The Research of Distributed Authorization Access Control of Information Appliance
| School | Hunan Normal University |
| Course | Applied Computer Technology |
| Keywords | XACML; IXPMI; Access Control; LDAP; Distributed Authorization |
The security of information appliances mainly comprises identity authentication, privilege management, access control, audit trails and so on. However, no standard for information appliances has yet been settled, and the standards that have emerged lack compatibility with one another. Security, as one subject of information appliance research, has likewise not been unified. Research on authorization management and access control, as an important part of information appliance security, is therefore of great significance. The present research aims to separate the study of standards from concrete products in order to achieve greater compatibility, and to propose a feasible, universal distributed authorization access control mechanism for information appliances. By integrating the XACML access control model with PMI, this paper further analyses and studies access control for distributed information appliances on the basis of the information appliance security framework, and puts forward the IXPMI distributed authorization access control architecture for the appliance. Furthermore, it discusses the system's workflow within the architecture. Because of the distributed nature of the appliance, a storage scheme is introduced that stores information such as users, roles, role hierarchy, information appliances and the like by combining local storage in embedded databases with remote storage. For the sake of the system's consistency, compatibility and extensibility, IAIDL files and attribute certificates are described in XML. A condition-based role-object access control policy is proposed, which draws on the advantages and disadvantages of MAC, DAC, RBAC and OBAC and on the characteristics of the XACML language.
At the same time, the RBAC hierarchy model is used to partition the users' role hierarchy, the proper granularity of information appliance access control is determined, and the concept of a method field is put forward to reduce policies as far as possible. Finally, this paper implements the access control policies, rules and conditions of information appliances in a system environment of Linux + SunXacml1.2 + Eclipse.