Abstract: An extended RBAC model with spatial character is presented. By dynamically changing user-role or role-permission assignments, it is possible to control the available set of permissions based on where the user is situated. This paper also extends a role-based authorization constraint model to describe constraints with spatial character on different levels, which is suited for wireless network.

Key words: Access control, Role, Spatial, Constraint

摘要： 以NIST RBAC参考模型为基础，引入地理域和逻辑域的概念，对RBAC模型作了空间维扩展：通过用户-角色或角色-权限的动态分配，用户只拥有在其所在位置的所需权限；对角色的授权约束加入空间特性，使之能够形式化描述多个层面的空间职责分离约束，从而适用于无线网络的应用环境。

关键词: 访问控制, 角色, 空间, 约束

CLC Number: 

• TP393.08