摘要： 限制可以视为是基于角色的访问控制(RBAC)的主要动机。该文分析基于XML的访问控制规范语言(XACML)的RBAC框架并指出了该框架的缺点，通过提出的角色激活机构对该框架进行扩充，使得XACML支持RBAC模型中的职责分离和基数限制等限制。

关键词: Web服务, XML的访问控制规范语言, 基于角色的访问控制

Abstract:

Constraints are considered to be the principal motivation for Role-Based Access Control(RBAC). This paper analyzes XML based access control language XACML and points out some shortcomings of the XACML profile for RBAC. It provides role enablement authority to extend this profile, in this way, several kinds of constraints of RBAC such as separation of duty constraints and cardinality constraints can be enforced and implemented using XACML.

Key words: Web services, eXtensible Access Control Markup Language(XACML), Role-Based Access Control(RBAC)

中图分类号: 

• TP311