System and method for multilevel cross-domain access control

An access control and cross-domain technology, applied in transmission systems, digital transmission systems, electrical components, etc. It can solve the problems that intra-domain access control methods cannot be directly applied to cross-domain access control and that neither the domain where the subject is located nor the domain where the object is located can perform access control normally, achieving the effect of increasing manageability and the realization of privileges.

Active Publication Date: 2012-10-31
ZHENGZHOU XINDA JIEAN INFORMATION TECH

AI Technical Summary

Problems solved by technology

[0003] Since each domain has its own access control system, when multiple domains interoperate, the subject and the object are not in the same domain. At this time, neither the domain where the subject resides nor the domain where the object resides can perform normal access control. Therefore, the original intra-domain access control methods cannot be directly applied to cross-domain access control.
[0004] The current cross-domain access control solution is to introduce a third-party cross-domain access control center, through which the access control of each domain is coordinated and controlled. However, in the secure access service platform, the access control domain is a multi-level structure. The existing technical methods all solve the problem of cross-domain access control between peer domains, and cannot work in the case of multi-level management.



Examples


Embodiment Construction

[0034] A cross-domain access center is implemented as follows:

[0035] The cross-domain access centers are deployed in the national and provincial domains respectively and can communicate with each other. Figure 1 is a topology diagram of the cross-domain center deployment. Provincial cross-domain centers are connected to lower-level user management servers and access control servers. National cross-domain centers are connected to provincial cross-domain centers through dedicated lines. Figure 2 is a structural block diagram of the cross-domain center module. The cross-domain access center is mainly composed of three parts: the service layer, the management layer, and the database. The service layer is responsible for providing corresponding online services. its related data.

[0036] The service layer provides services such as cross-domain role application and query, through which lower-level domains can realize role mapping, and all services are pr...


Abstract

The invention relates to a system and method for multilevel cross-domain access control in case of a multilevel administrative domain. The cross-domain access control is realized through a multilevel-role-based mapping mechanism; the method is realized based on all cross-domain access centers deployed in the entire country and provincial levels; the cross-domain access centers provide cross-domain role application and query services; and administrators can administrate all cross-domain access centers. The method comprises two steps of authorizing the cross-domain access control and carrying out access control on cross-domain access behaviors of users according to the authorization, wherein the authorizing of the cross-domain access control comprises the step of establishing corresponding cross-domain roles in related cross-domain access centers, and the control on user access comprises the steps of obtaining the access authority of cross-domain subjects to objects according to the mapping relationship between the cross-domain roles and domains where the subjects and the objects are located, and carrying out control by the domains where the objects are located. The system and the method are used for administrating the cross-domain access of three levels, i.e. a national level, a provincial level and a municipal level, in a security service platform, so that the cross-domain access control has the characteristics of self-government administration, user transparency and convenience in extension.
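The two steps in the abstract (establishing a cross-domain role in a center, then letting the object's domain decide from the role mapping) can be sketched as follows. This is an added example, not code from the patent: the domain names, role names, permission tuples and the rule that the lowest shared ancestor hosting a center handles the request are all assumptions.

```python
# Added illustration. Domain names, role names and the routing rule
# (lowest common ancestor that hosts a center) are assumptions.
PARENT = {"city-a1": "prov-a", "city-a2": "prov-a", "city-b1": "prov-b",
          "prov-a": "national", "prov-b": "national", "national": None}
CENTERS = {"national", "prov-a", "prov-b"}  # centers at national/provincial level

def ancestors(domain):
    """Return the domain followed by its parents up to the root."""
    chain = []
    while domain is not None:
        chain.append(domain)
        domain = PARENT[domain]
    return chain

def responsible_center(subj_domain, obj_domain):
    """Pick the lowest shared ancestor that hosts a center (assumed rule)."""
    shared = set(ancestors(obj_domain))
    return next((d for d in ancestors(subj_domain)
                 if d in shared and d in CENTERS), None)

class CrossDomainCenter:
    def __init__(self):
        self.to_cross = {}    # (subject domain, local role) -> cross-domain role
        self.from_cross = {}  # (cross-domain role, object domain) -> local role

    def establish(self, cross_role, subj_domain, subj_role, obj_domain, obj_role):
        """Authorization step: create the cross-domain role and its mappings."""
        self.to_cross[(subj_domain, subj_role)] = cross_role
        self.from_cross[(cross_role, obj_domain)] = obj_role

    def query(self, subj_domain, subj_role, obj_domain):
        """Query service: the object domain's role for a foreign role, or None."""
        cross_role = self.to_cross.get((subj_domain, subj_role))
        return self.from_cross.get((cross_role, obj_domain))

def check_access(centers, policy, subj_domain, subj_role, obj_domain, permission):
    """Enforced by the object's domain: map the role, then apply local policy."""
    center = responsible_center(subj_domain, obj_domain)
    if center is None:
        return False  # no center covers both domains: deny
    local_role = centers[center].query(subj_domain, subj_role, obj_domain)
    return permission in policy.get(obj_domain, {}).get(local_role, set())

def build_demo():
    """Constructed sample: a city-a1 auditor may read reports in city-a2."""
    centers = {name: CrossDomainCenter() for name in CENTERS}
    centers["prov-a"].establish("xd-auditor", "city-a1", "auditor",
                                "city-a2", "report-reader")
    return centers, {"city-a2": {"report-reader": {("reports", "read")}}}
```

An unmapped role, or a request routed to a center that holds no mapping for it, resolves to no local role and is denied by the object's own policy.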

Description

Technical field

[0001] The invention belongs to the technical field of computer information security, and relates to a multi-level cross-domain access control system and control method in the case of multi-level management domains. The cross-domain access control is realized through a multi-level role-based mapping mechanism.

Background technique

[0002] The secure access service platform consists of two levels: national, provincial, and prefectural. There are application services at the national, provincial, and prefectural levels. Each node in each level is an access control domain. Users in one domain access applications in the domain, but in some cases, due to business requirements, users may need to access applications in other domains, and in this case, cross-domain access is required.

[0003] Since each domain has its own access control system, when multiple domains interoperate, the subject and the object are not in the same domain. At this time, neither the subjec...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06, H04L12/24
Inventor: 何骏张鲁国韩培胜梁松涛赵国磊刘熙胖王曙光栗芳
Owner: ZHENGZHOU XINDA JIEAN INFORMATION TECH