| Many activities of human society are performed with a form of organization.Organization came from the social division of labor and specialization,and becomes more complex with the progress of science and technology,and the improvement of socialized production.In modern society,because of the enlargement of scale of all kinds of activities and the complexity with environment,more complex cooperation work and labor are needed to accomplish the targets. The function of the organization is so important to be irreplaceable.The structure is a key part of an organization.The structure of government refers to the existence form of government and it comes down to work division of the internal parts and personnel.This is so close to the integration of the system.Government is defined as the body within an organization that has authority and function to make and the power to enforce laws,regulations,or rules.The construction for informationization of China government is going forward step by step.The information security is being challenged with the deployment and application of large scale network system,so many scholars and institutes focus on the organization authorization. With the ongoing theory research and practice,OB4LAC(Organization Based 4 Levels Access Control) model plays an important role in protecting the large scale distributed system. The organization authorization ontology should be shared efficiently to maximize the function of the ontology.Only when the ontology can be reused,we can reduce the workload of development of the ontology.The superiority of the organization authorization model can be shown with the support of the position ontology.It is an important process to construct the position ontology to realize the organization authorization structure.An algorism,based on OB4LAC,was put forward in detail for describing the relationship between user,position,role and operation by comparing with different security systems and safety verification methods. The single-layer mapping model and multi-layer mapping model were included.The author laid emphasis on the research of description about the position and its relationship with user, role and operation in distributed organization authorization system.And also the author described the component and logic rules of position in detail with OWL.(1) Getting the organization structure,horizontal and vertical structure,this can be formalized easily by analyzing the structure of the sections and departments of the government. A position layer was added between the user layer and role layer.With the four layers, user-position-role-operation,the access control of the authorization system becomes more reasonable.And the workload of maintenance for the system was reduced greatly.This made the organization authorization was more close to the reality.(2) The attribute data of position ontology was described,the elements components which consist of the position ontology were analyzed and the data structure of the position was designed in this paper.Some parts of the source code were given in this paper.Because of the distribution of the authorization system in practice,there is a need to collect the information from distributed information source by the OWL ontology.This can realize the user identification and operation authorization in distribution circumstance.(3) The organization authorization ontology should be shared efficiently to maximize the function of the ontology.Only when the ontology can be reused,we can reduce the workload of development of the ontology.The logic rules of the position ontology in organization authorization system were analyzed and summarized.The necessary logic rules for the connection of ontology in different region and layers were discussed,and followed by some examples.The rules about equivalence,identity,and otherness were described.(4) In the reality we can indentify a person by looking,status,name,gender,age,address, and so on.The user ontology can rely on these elements to form the relation of different users. For describing the characters of user clearly in the system,the user ontology for reasoning should be created.There are different groups of user base on different systems.It is not standing alone between the users.The relationship of the users in the system is similar to the people in real life.A single-layer mapping model and a multi-layer mapping model were founded by analyzing the relationship between user,position,role and operation.And the relating examples were given.(5) Analyzing and designing the mapping of user and position for the state administration of safety work of China.Integrated deployment and distributed deployment were both suggested in large scale organization authorization systems.Single-layer and multi-layer model played important roles in the application.
|
PDF Full Text Request