Research and Achievement of Service-based Single Identity Access Control System
|School||Shanghai Jiaotong University|
|Keywords||information security, RBAC, identity management, access control|
Bank IT systems are complex applications that are typically technology-intensive, diversified, and structurally complex. In the course of operation and maintenance, illegal operations, outsourcing, and sharing among people often occur and lead to risk. Banks usually adopt double review, process management, and other management systems to avoid or reduce IT operational risk, but in practice there are many problems, such as weak implementation of these systems and a lack of effective supervision. How to use technology to manage user rights and control users effectively is therefore a very important and urgent issue.

Role-Based Access Control (RBAC) is a widely used access control model, but it has its own shortcomings. For example, in a large-scale enterprise such as a bank, people's roles are not fixed in daily IT operations and maintenance, the requirements for access to IT systems change often, and many people hold exceptional privileges. In such a scenario, the traditional RBAC model is not flexible enough.

This article addresses that shortcoming by extending and encapsulating the RBAC model. Based on the characteristics of the bank's IT processes, a service-based access control model, called SBAC, is established. In this model, the concept of a service replaces the concept of a role in RBAC, and access control follows the processes of business services. No matter how the people in a given service process change, the model can apply access authorization efficiently through each person's identity. The SBAC model remedies the inflexibility of the RBAC model in some scenarios.

Based on the SBAC model, the bank established an account access control system, called the single identity access control system, which fits the operation and maintenance system very well. This system was deployed in the bank as part of the system account security management platform.

This access control system solved the problem of system accounts being managed manually, as well as other problems such as account sharing, temporary authorization in emergencies, and the difficulty of controlling users' privileges. With the service-based access control system, access to IT resources becomes much more convenient, efficient, and secure.
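The following sketch is an added example, not code from the thesis: it shows one possible reading of the service-based idea, where system accounts attach to a service process and people are bound to that service for a limited time under their own identity. The class, method, service, and account names are all assumptions, since the abstract does not give the model's data structures.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Assignment:
    identity: str          # the person's single identity
    service: str           # business service process they are working in
    start: datetime
    end: datetime          # every assignment expires; nothing is permanent

class ServiceAccessControl:
    """Assumed data model: accounts hang off services, people are bound to services."""
    def __init__(self):
        self.accounts = {}      # service name -> set of system accounts it needs
        self.assignments = []   # who is working in which service, and when

    def define_service(self, service, accounts):
        self.accounts[service] = set(accounts)

    def assign(self, identity, service, start, duration):
        if service not in self.accounts:
            raise KeyError(f"unknown service: {service}")
        self.assignments.append(Assignment(identity, service, start, start + duration))

    def revoke(self, identity, service):
        self.assignments = [a for a in self.assignments if (a.identity, a.service) != (identity, service)]

    def authorize(self, identity, account, now):
        """Return the service that justifies the access, or None (default deny)."""
        for a in self.assignments:
            if (a.identity == identity and a.start <= now < a.end
                    and account in self.accounts[a.service]):
                return a.service
        return None

def demo():
    t0 = datetime(2024, 1, 1, 9, 0)   # constructed sample data throughout
    ac = ServiceAccessControl()
    ac.define_service("core-db-patching", ["coredb01:oracle"])
    ac.define_service("incident-response", ["coredb01:root"])
    ac.assign("alice", "core-db-patching", t0, timedelta(hours=8))
    before = ac.authorize("alice", "coredb01:oracle", t0 + timedelta(hours=1))
    ac.revoke("alice", "core-db-patching")   # staff change: service definition untouched
    ac.assign("bob", "core-db-patching", t0, timedelta(hours=8))
    ac.assign("carol", "incident-response", t0, timedelta(minutes=30))  # emergency, self-expiring
    at = lambda who, acct, mins: ac.authorize(who, acct, t0 + timedelta(minutes=mins))
    return {"alice_before": before, "alice_after": at("alice", "coredb01:oracle", 60),
            "bob": at("bob", "coredb01:oracle", 60), "bob_root": at("bob", "coredb01:root", 60),
            "carol_in": at("carol", "coredb01:root", 10), "carol_out": at("carol", "coredb01:root", 45)}
```

Because `authorize` returns the service name rather than a bare boolean, each grant can be logged against the process that justified it and the individual who used it.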