Abstract: PMI is a service system built on PKI that implements privilege management; it currently commonly adopts a role-based security architecture and an implementation mechanism based on attribute certificates. This paper proposes an open, distributed delegation model for the PMI environment that operates at two levels, roles and permissions: DM for PMI (Delegation Model for PMI). Building on this model, it introduces delegation certificates and presents an extended PMI architecture, EPMI (Extension PMI). EPMI strengthens the semantics and mechanisms of delegation in the original PMI, and solves the privilege delegation problem in practical e-government and e-commerce applications in open distributed environments.
Key words:
Privilege management infrastructure; Open distributed environment; Delegation model for PMI (DM for PMI); Delegation certificate; Extended PMI (EPMI)
ZHANG Zhiyong, PU Jiexin. Research and Application of Delegation in PMI System[J]. Computer Engineering, 2006, 32(5): 152-154.