摘要： 为了加强大型分布式环境下访问控制的安全管理，分析了现有的安全访问控制缺陷，根据PMI权限管理机制的特点，建立了基于角色层次模型的多平台系统下的统一授权策略，提出了基于PMI的应用系统访问安全管理原则，并阐述了其在一类关键性业务系统中的 应用。

关键词: 权限管理基础设施, 权限管理, 属性证书

Abstract: To enhance the security management of access control in big distributing environment, unified authorization policies in multi-platform system is proposed. With the analysis of the limitation in existing access security management, the advantages of adopting the PMI mechanism instead of application-embedded privilege management are particularized. The principles of access security management on application system based on PMI is put forward to design and implement. In accordance with the key thoughts, a practical system on realty is realized.

Key words: Privilege Management Infrastructure (PMI), privilege management, attribute certificate

中图分类号: 

• TP309