摘要： 公钥基础设施PKI 技术通过方便灵活的数字证书与密钥管理机制，解决了可信的身份问题。但是，仅仅依靠PKI 机制无法完全满足大型分布式网络环境下授权管理和基于角色的访问控制等需求。该文在深入研究PMI 及属性证书的基础上，提出了一个基于属性证书的PMI 授权管理模型，并对模型的具体实现进行了研究。

关键词: 特权管理基础设施；角色；属性证书；授权；公钥证书

Abstract: By means of flexible digital certificate and key management mechanism, public key infrastructure solves the problem of trusted identity. However, merely in dependent of PKI can not totally fulfill the requirements of distributed authorization management and role-based access control. With deeply research on PMI and attribute certificate, an authorization management model of PMI which is based on attribute certificate is put forward. And the key techniques to implement it are discussed

Key words: Privilege management infrastructure (PMI); Role; Attribute certificate; Authorization; Public key certificate