摘要： 针对分布式服务环境中用户数目大量增长和资源访问策略复杂多样化的问题，分析目前访问控制模型的应用局限性，提出多用户服务模式中一种基于属性和规则的访问控制模型。该模型引入复合属性表达式和复合权限的概念，制定授权约束规则，为用户分配多组角色。给出模型实例，并将其与其他模型进行比较。

关键词: 多用户服务, 用户角色分配, 属性, 规则, 访问策略

Abstract: According to the requirements of huge customers and resource’s access policy diversification in distributed service environments and application limitation of access control models, this paper proposes an Attribute And Rule-based Access Control(ARBAC) model for multiple users service mode. It introduces notions of composite attribute expression and composite permission, defines different multiple role groups and makes a finite set of rules to assign user to roles. A case study is given and the model is compared with other models.

Key words: multiple users service, user-role assignment, attribute, rule, access policy

中图分类号: 

• TP311.13