摘要： ：授权管理基础设施PMI是目前网络安全领域中的研究热点，如何提高PMI的系统效率以及如何标准化授权策略是当前遇到的主要问题。该文提出了一种基于条件的访问控制策略，结合XACML和J2EE的相关技术对策略的实现机制进行了改进，实现了一个基于该策略模型的PMI系统。该系统可有效地解决上述问题，给用户提供了更方便的权限管理和更细粒度的访问控制。

关键词: 授权管理基础设施, 可扩展访问控制标记语言, 访问控制, 策略

Abstract: Privilege management infrastructure is the research hotspot in the field of network security at present. How to improve the PMI system’s efficiency and how to standardize the access control policies are the main questions now. A condition based on access control policy and its implementation mechanism is improved by using XACML technology. Combined with J2EE technology, a PMI system based on the policy model is designed and implemented. The improved system resolves the questions above, provides convenient privilege management and fine-grained access control.

Key words: Privilege management infrastructure (PMI), Extensible access control markup language(XACML), Access control, Policy