Method and device for generating access controlling policy

An access control policy and access control technology, applied in the field of network applications, can solve problems such as difficulty in defining users and prone to errors, and achieve the effects of facilitating understanding and operation, ensuring accuracy, and reducing burden
CN101771683AInactive Publication Date: 2010-07-07BEIHANG UNIV

Patent Information

Authority / Receiving Office
CN Β· China
Patent Type
Applications(China)
Current Assignee / Owner
BEIHANG UNIV
Publication Date
2010-07-07
Estimated Expiration
Not applicable Β· inactive patent

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention discloses method and device for generating an access controlling policy. The method comprises the following steps of: generating an ABAC policy expression according to ABAC policy information input by a user through a pre-established attribute-based access control (ABAC) policy view template; and converting the ABAC policy expression into an ABAC policy which is based on XACML and conforms to the XACML template according to mapping rules of the preset ABAC policy view template and an extensible access control markup language (XACML) template. In the invention, the user only needs to input some simple ABAC policy information through the ABAC policy view template and does not need to write a complicated ABAC policy based on XACML in a manual mode, therefore, the problem that the user difficultly defines the ABAC policy based on XACML is solved, the problem that errors are made in the process of writing the complicated ABAC policy based on XACML in a manual mode by the useris avoided, and the accuracy of the ABAC policy based on XACML is ensured.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to access control technology, in particular to a method and device for generating an access control policy, belonging to the field of network applications. Background technique

[0002] In order to ensure that the network has sufficient security, the International Organization for Standardization ISO defines five security service functions in its network security system design standard (ISO7498-2), including: identity authentication service, access control service, data confidentiality service, Data integrity services and non-repudiation services. Among them, the access control service is a defense measure against unauthorized use of resources, which is used to prevent users from accessing various resources without authorization, so that the computer system can be used within the legal scope. Access control can effectively prevent illegal users from accessing system resources, and legal users from illegally accessing system resou...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More