您好,欢迎访问三七文档
当前位置:首页 > 商业/管理/HR > 资本运营 > 网格中安全策略的描述和评估
网格中安全策略的描述和评估陈昕2002.3.17AdditionalProblemsposedbyMultipleAdministrationPolicyintegrationshouldincorporatethediverseauthorizationmodelsthatcancoexistinadistributedsystem.Integratedifferentsetsofpoliciesassociatedwiththedomainprovidingresources,thedomainrequestingresourcesandtheindividualuserswithineachdomain.NosinglesyntaxforspecificationofprincipalsAgeneralizedwaytodefineapplication’ssecurityrequirementsAuthorizationFrameworkPolicylanguageGenericAuthorizationandAccess-controlAPIPolicyLanguageElements:accessidentitygrantoridentityasetofaccessrightsasetofconditionsPolicylanguage(continued)Policylanguagerepresentsasequenceoftokens:–Tokentype–Definingauthority–ValueExtendedAccessControlLists(EACLs)e.gTokenType:access-id-ANYBODYTokenType:access-id-GROUPDefiningAuthority:noneDefiningAuthority:DCEValue:noneValue:15TokenType:pos-access-rightsTokenType:pos-access-rightsDefiningAuthority:local-managerDefiningAuthority:local-managerValue:FILE:readValue:FILE:readFILE:writeTokenType:authentication-mechanismTokenType:locationDefiningAuthority:system-managerDefiningAuthority:system-managerValue:kerberos:V5Value:*.USC.EDUExtendedAccessControlLists(continued)CredentialEvaluationExtendedAccessControlLists(continued)IdentityCredential:access-id-USERkerberos.v5tom@ORG.EDUcondition:time-windowpacific-tzone6am-7pmGroupmembershipcredentialaccess-id-GROUPkerberos.V5admin@ORG.EDUcondition:privilege:restrictedDelegationcredentialgrantor:grantor-id-USERkerberosV5joe@USTC.EDU.CNgrantee:acess-id-USERkerberosV5tom@USTC.EDU.CNobjects:doc.txtrights:pos-access-rightslocal-managerFILE:writecondition:locationlocal-manager*.ustc.edu.cnGAA-APIGAA-APIfunctionsgaa-get-object-policy-infogaa-check-authorizationgaa-inquire-object-policy-infoGAA-APISecurityContextIdentityAuthorizationattributesEvaluationandRetrievalFunctionsforUpcalls
三七文档所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
扫描二维码
wjtoy14
本文标题:网格中安全策略的描述和评估
链接地址:https://www.777doc.com/doc-832764 .html