Research Of The Organization-based Access Control Method And Model For E-Governmen

Following the rapid development of the information technology and network technology, E-government system has changed a lot, from single and small to large and complex. Business scope, information resources and staff expend with the increase of size and complexity of the system, which make the safe of e-government system harder and harder, thus the authorization management and access control become more and more important. So, how to carry out these works efficiently become the key to the construction and integration of E-government system, and which is also the important work to the research all over the world.In recent years, the Role-based Access Control model got much attention, which not only improves the randomicity and mandatory of authorization management in traditional information system, but also do a great performance in distributed environment. Thus, the researchers all over the world do a great deal of extended work based on the RBAC model due to the need of real business, and also got much progress. However, because of the characteristics of RBAC, whose complexity is related to the number of users, roles and permissions closely, so it is more suitable to the smaller information system than others. When RBAC model facing the multi-level and distributed E-government system, its performance is worse and the complexity of management will also increasing greatly. These not only take great troubles to authorizaiton management work, but also bring a lot of problems to the delegation model and authorization technologies between organiziations based on RBAC model. The Professor Yanzhang Wang from Dalian university of technology adopt the view of the system engineering, from the organizational perspective of E-government and puts forward the organizaiton-based access control method, which adopt the people-oriented, make the manage as the main line, on one hand it solve the problem that RBAC modle can not adapt to the current multi-level, complex and distributed e-government system, on the other it coincide with the real work method in the real government, thus it can be more efficient.The main work of this essay is using the organization based access control method; apply it to the authorization and delegation among organizations, the work of this essay are as follows:(1) Through the research about the organization of government and its work flow, this article believes that the reasons which caused the present problems of RBAC model are due to the conflict in work patterns between the model and the real world. So, this article proposes a new access control method-Organization Based Access Control method and its implementation model-OB4LAC model. OB4LAC model adopt the authorizaiton management based on the organization, and put each departments in the organization into great play, make the entire organization achieve the best working condition finally. This essay also analyzes the member, formal description and sub-models UPA, PORA and PERA of OB4LAC model.(2) For the purpose of solving the current problems in the delegation model based on RBAC, this paper do a deep analysis with RBAC and introduce the organization-based access control method, based on it to build a new delegation model-organization-based four levels dynamic delegation model(OB4LDDM).OB4LDDM not only solves the problems that RBAC model can not adapt on the current complex information system, but also provides fine-grained dynamic control and the approach for two sides to reach agreement in delegation process. OB4LDDM also have good physical and temporal characteristics which make the delegation process more simple and controllable, this paper give specific examples on the delegation process to prove it.(3) Considering the controllability of authority and the security of resources in E-government system, the business processes have to be constrained by the time, system resources and conflict events. From these practical problems, this paper gives the realization and detailed algorithm about the authorization and delegation model under the complex temporal constraints.(4) Through the analysis of RBAC model in the process of collaboration among organizations, this essay put forwards two deficiencies:first, the permission of role would swell when crossing multiple organizations using role mapping methods; second, the heterogeneous among organizations also bring problems in the process of authorization. Thus, this essay using the organization-based access control method, and propose a new business collaboration authorization model-OB4LACpm. OB4LACpm model not only make the lack of role mapping method, but also solve the heterogeneity among organzations through the introduction of positions.(5) Through the application:Shanxi administrative approval E-government system, this essay discuss the system design and technology system of the organization-based access control system, and the personnel management subsystems, the resource management subsystem and the distributed authorizaiton management subsystem. Through a lot of illustrations, this essay demonstrates the characters of science and feasibility from the view of practical.