Abstract:

Authentication trustworthiness reflects the degree of trustworthiness of the user who has passed system authentication. Based on authentication trustworthiness, logging in  is restricted, user’s role and role’s mandatory access control rights are restricted, and then the user’s rights control technology is proposed. Combing authentication trustworthiness with accessing systems, it requests that the user must have some authentication trustworthiness when he wants to access a system, and the important user must pass an important identity authentication mechanism. Applying authentication trustworthiness to RBA(Role Based Authorization), it can decide which role can be activated by the user, and also can decide what rights can be activated by the active role of the user, and reflects on every mandatory access control policy, it implements the unification of authentication and access authorization, solves the problem of improper right obtaining. Finally, more contents to be studied are pointed out.

Key words: authentication trustworthiness;mandatory access control;role based authorization;access authorization