推动这种扩展的动力是允许我们将访问控制分离到一个通用的框架,该框架使用基于所有权和特定关系的策略。
The driving motivation behind this extension is to allow us to separate access control into a generalized framework that USES policies based on ownership and special relationships.
接着,介绍了域数据模型的一般概念,包括域数据模型的描述、域关系的表示和运算、基于域数据模型的访问控制方法等。
Then, the theories of DDM is fully explained in the paper, including the description of DDM, the denotation and operation of domain relation, and the access control method based on DDM.
针对基于角色的访问控制(RBAC)模型中由于继承关系产生的子角色不能拥有私有权限问题进行了研究。
A problem that child role cannot obtain private permissions because of inherited relation in the Role-Based Access Control (RBAC) model is researched.
应用推荐