Distributed dual-license and access control method and system

Abstract

The invention discloses a distributed dual-license and access control method and a system, the method is applied in the control system including a universal certificate licensing sensor and a plurality of different types of application systems, and the method comprises the grade authority control step which is used for setting the grade of a user through the universal certificate licensing sensor, transferring grade information of the user to the application systems and deciding the access authority of the user to resources or services by verifying the matching relationship between the grade of the user and the grade of coarse-grained resources or services of the application systems; and the group authority control step which is used for respectively carrying out grouping setting on the user and the resources / services through the application systems and deciding the access authority of the user to the coarse-grained resources or the services by verifying the intersection relationship between user grouping and data service grouping.

Description

Technical field [0001] The invention relates to a user's authorization and access control technology for distributed resources or services in a distributed network environment, in particular to a distributed hierarchical grouping dual authorization and access control method and system. Background technique [0002] Enterprise internal information facilities are often composed of heterogeneous distributed application systems. The integration of these application systems is the future development trend. Not only that, the structure of large-scale application systems also has the characteristics of distributed integration. By combining different modules Integration to achieve the purpose of a certain application. Different information systems, especially Web application systems, need to realize unified management and authentication of users for their integration. On this basis, in order to further control information system and resource access, it is necessary to realize the authori...

AI Technical Summary

Problems solved by technology

On the one hand, the excessive concentration of permissions cannot meet the requirements; on the other hand, it increases the complexity of authorization logic and greatly increases the workload of system administrators. The granularity of authorized objects is often less considered. Therefore, for distributed networks The permission control in the environment needs to consider different application requirements and realize it from different angles

[0005] Simple hierarchical user authorization can solve general resource authorization and access control problems, but because it belongs to a one-dimensional authorization model, it cannot cope with complex situations. When resources or services exist at multiple levels, multiple limiting factors are required , the one-dimensional authorization method cannot meet the requirements, that is to say, if the permission control granularity is only set to a certain category or a coarser granularity, it is impossible to control more granular resources or services

Images