摘要： 转授权技术能解决分布式环境下的用户授权问题，但在多步转授过程中可能引发循环授权和权限扩散。研究任务-角色访问控制(TRBAC)模型，提出基于授权步数和角色差度的工作流转授权(DR-TRBAC)模型，根据同一任务的转授关系构建转授权树，通过限定授权步数和遍历转授权树解决循环授权问题，设置转授用户间最大角色差度防止权限的扩散。应用实例证明了DR-TRBAC模型的实用性。

关键词: 转授权模型, 授权步数, 角色差度

Abstract: The delegation technology can solve the authorization problem of users in distributed environment, which makes the permission management flexible. However, it is possible to cause the issues of cycle authorization and permission diffusion in the process of multi-step delegation. On the basis of T-RBAC, the paper proposes a DR-TRBAC model based on delegation depth and role range. It creates delegation tree according to delegation relationship of one task. The cycle authorization problem is solved by limiting delegation depth. The permission diffusion is controlled by setting the maximum of role range between users. The feasibility of DR-TRBAC is proved through an application.

Key words: delegation model, delegation depth, role range

中图分类号: 

• N945.12