Research And Implementation Of Access Control In The Networked Manufacturing Dynamic Alliance

With the development of information technology and computernetwork technology, the world is shaping a"new world economy", namely"Internet Economy". The Networked Manufacturing Dynamic Alliance(NMDA) is an inevitable development trend for"Internet Economy". TheNetworked Manufacturing Dynamic Alliance (NMDAS) is the open,distributed and collaborative system which is based on the computernetwork. All data in Alliance are not only stored, transmitted, received,integrated and regenerated in the system, but also open to all Internet users.So the information is very likely to be stolen, altered or destroyed. At thesame time, internal users in an enterprise may access the data deliberatelyand illegally and the misoperation of system user can also damage the data.Each action mentioned above can damage the interests of the entities.Therefore, facing such a large number of users and resources, the accesscontrol becomes vital, which can not only protect the authorized usersaccessing the resources within his permissions but also refuse illegaloperation and provide as much flexibility as possible for users.Because the access control technology is closely related with itsoperating environment and NMDAS is a peaceful brand-new applicationdomain to access control, it is necessary to carry on the research on theaccess control in NMDAS.Based on the project of "Auto Parts Manufacturing Alliance ResourcePlanning," which is one of the science and technology development-planprojects of Jilin Province, the purpose of this study is to research the accesscontrol according to the main characteristics of the system. This article is toresearch the sharing of resources and information safely by the members ofNMDAS and preserve the security of private resources. This paper includesthe following major components:1. This article analyzes the security requirements of NMDAS, and thenproposes the access control model in NMDAS.1) NMDAS is a kind of prompt, coordinate, open, dynamic and long-distance system. The alliance's participations involved in thecollaboration are changing, and the staff is dynamic, and along with thecollaborative process responsibilities are also dynamic, so the AccessControl in NMDSA is very complex and troublesome. 2) Each kind ofresources is allocated and shared among all partners. Therefore it is feasibleand convenient to manage the resources safely based on the project. 3) Itmay have different participants, resources and objectives in different stageof the business process. The resources of NMDAS are divided into theshared resource in the alliance or in the project, and the private resources ofthe alliance member. Therefore it needs to protect the safety of public andprivate resources and ban all users working in an enterprise and its partnerswho have dropped out from the NMDA from accessing resources in theNMDAS.The access control model is the foundation to realize the access control.Since Lampson proposed the access matrix model, many experts at homeand abroad have proposed TBAC, NDAC, TMAC, SPACE and RBAC andso on for the distributed collaborative environment. However, these modelshave plenty of limitations or pertinence. Because the RBAC model hasmany merits and is the most popular access control model, according to thecharacteristics of NMDAS, this article proposed a model of Access Controlin the Networked Manufacturing Dynamic Alliance System (AC-NMDAS)based on the RBAC access control model. The AC-NMDAS model iscomposed of two submodels: organization and role-based access controlmodel (ORBAC) and project-based access control model (PBAC).2. This paper detailedly describes and models ORBAC and PBACwhich compose the AC-NMDAS.ORBAC consists of RBAC model and organization. The organizationand the role equally provide supports for partial order (reflexivity,anti-symmetry and transitivity). Managers can not only assign users togeneral roles but also to organization. The user's permissions consist of thepermissions of general roles and organization assigned to the user. Theorganization can facilitate the management as well as thereality-organization, and can make the assignments much easier which are between users and roles and between roles and permissions. ORBACprotects the security of the private resources in the participating enterprise.The ORBAC model is organized into four ORBAC components similar tothe RBAC model: Core ORBAC, Hierarchical ORBAC, Static Separation ofDuty Relations, and Dynamic Separation of Duty Relations.PBAC primarily provides the management of the access to publicresources in NMDAS safely. NMDA is founded on one or several projects.So the relationship between the NMDA and project is one to many. NMDAconsists of the enterprise members, and allows individual to become analliance member in personal reputation in the project. After userassignments, members can access the resources in NMDAS. Thesuper-manager can assign different manager according to different project.The permissions between managers and the general roles or organization aredifferent absolutely.3. This article provides the implementation of AC-NMDAS withfour-component-based architecture on J2EE platform. And the Check-in andCheck-out mechanism is proposed to support the concurrent access to publicresources.AC-NMDAS is implemented on J2EE platform and includesfour-component-based architecture: client layer, Web layer, Enterprise layerand data layer. There are several modules in AC-NMDAS: 1) projectmanagement, which classifies the notice strategy and the access controlstrategy on the project folder and the document. 2) Folder management,which is a manager of the project resource. The resource management takesthe folder as a unit of the management. And all service objects in the projectare items of the folder. 3) Check-in and Check-out management, whichmanages the concurrent of NMDAS and permits users to operatesimultaneously. 4) Version management, which is affected by check-in andcheck-out. 5) Management of the three basic elements in Access ControlModel: user management, permission management and the rolemanagement and so on.The contributions of this study are listed as follows: AC-NMDAS may:1) AC-NMDAS makes it efficient and convenient to manage users and permissions; 2) AC-NMDAS is a good solution to resources managementand sharing in NMDAS; 3) AC-NMDAS facilitates dynamic change ofaccess right based on the organization structure of NMDAS; 4)AC-NMDAS preserves the access rights of users who are not affected by thechange of department in the networked manufacturing dynamic alliance orits members; 5) AC-NMDAS prevents from disclosing business confidentialinformation in enterprise of NMDA; 6) AC-NMDAS bans all users workingin an enterprise from accessing resources in NMDAS, when the enterprisedrops out from NMDA.However some problems still need to be resolved: such as the systemonly integrates such access control model as RBAC model and the systemcan't automatically generate the permission by an algorithm.