关键词: 访问控制 RBAC 安全域 安全互操作

Abstract:

The IRBAC 2000 provides us with a model for the interoperability between RBAC secure domains. It translates the roles from foreign domains to the loca l ones of local domains so that the foreign users can access the local resources. But such a translation may lead to ＂conflict association＂. The paperr analyses the causes and the counteraction of the conflict, presents algorithms to determine the existence of the conflicts and to minimize the conflic t association set, and discusses the strategy to eliminate the conflict by constraints.

Key words: （access control, RBAC, secure domain, secure interoperability）