【作者】 马甜；

【导师】 李怀明；

【作者基本信息】 大连理工大学 ， 管理科学与工程， 2007， 硕士

【摘要】 转授权是访问控制模型中十分重要的组成部分，已成为分布式计算环境下重要的访问控制管理机制，也是近年来访问控制授权研究的一个重点和热点课题。在分布式计算、大规模系统和协同计算系统中，用户之间的转授权对实现高效、灵活的访问控制具有特别重要的意义。本文的主要内容包括：(1)提出了一个新的模型：基于角色的动态转授权模型。在对国内外具有代表性的角色转授权模型进行分析和比较之后，总结出目前模型中仍存在一些急需解决的问题。针对这些问题特别提出了基于角色的动态转授权模型。论文在对该模型进行形式化描述之后，详细阐述了在转授权、权限执行整个动态过程中，如何借助Agent实现带时间限制的部分角色转授权、重复角色转授权、双边协议以及在兼顾动态职责分离约束的同时，如何解决由权限共享引起的角色互斥问题。(2)对区县级政府部门中行政人员的职能进行分析和归纳。通过对区县级行政部门的组织结构以及行政审批流程进行分析之后，结合基于角色的动态转授权模型的思想，从新的角度对区县级政府部门中岗位、角色、权限之间的对应关系进行了分析和归纳，并指出在行政审批过程中实施转授权的必要性。(3)采用多种方式对在区县级行政审批系统中实现转授权的具体细节进行阐述。用XML对用户与Agent交互的信息格式进行了定义，借助伪代码、程序流程图将转授权实施、权限执行整个过程中的具体细节进行了描述。更多还原

【Abstract】 Delegation is an indispensable part of access control model. It has become a crucial access control management mechanism in secure distributed computing environment as well as a hot topic in the field of access control authorization. In distributed system, large-scale system, cooperative computation system, delegation among different users plays an important role in realizing flexible and efficient access control.The main content of this paper includes:(1) Bring forward a new delegation model: Role-based Dynamic Delegation Model (RBDDM).Firstly, the author analyzed and compared domestic and overseas role-based delegation models. Then summarized there were some problems need to be solved urgently yet. In order to solve such problems RBDDM was proposed. The paper described the model with mathematical expressions. Then it expatiated how to realize part-role delegation, repeated role delegation, bilateral protocol as well as how to solve the problems about dynamic restriction of separating responsibilities, permission sharing based on Agent technology in the whole delegation process.(2) Analyzing and summarizing functions of official workers in local government.After analyzing the structure of local government’s administrative department and the process of administrative permit affairs the author gave a new reflection relationship among positions, roles and permissions combined with RBDDM. Then pointed out how important to carry out delegation in the procedure of administrative permit affairs.(3) Expatiating the delegation process in local administrative permit management system by multiple ways.The paper used XML to define the communication information format between users and Agent. Meanwhile it also used pseudocode and programme flow chart to describe the whole process of delegation.更多还原