外文翻譯--web環(huán)境下基于角色的訪問控制

1、<p><b>　　附錄A：英文原文</b></p><p>　　Role-Based Access Control for the Web</p><p>　　John F. Barkley, D. Richard Kuhn, Lynne S. Rosenthal, Mark W. Skall, and Anthony V. Cincotta,</p

2、><p>　　National Institute of Standards and Technology Gaithersburg, Maryland 20899 </p><p><b>　　ABSTRACT </b></p><p>　　Establishing and maintaining a presence on the World

3、Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well designed Web site can have a positive effect on their profitabilit

4、y. Enabling customers to answer their own questions by clicking their way through Web pages, instead of dealing with operators and voice response systems, increases the efficiency of the customer interface. </p>&

5、lt;p>　　One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that are attempting to manage security in distr

6、ibuted multimedia environments such as those using World Wide Web services. Today, security administration is costly and prone to error because administrators usually specify access control lists for each user on the sys

7、tem individually. </p><p>　　Role-based access control (RBAC) is a technology that is attracting increasing attention, particularly for commercial applications, because of its potential for reducing the compl

8、exity and cost of security administration in large networked applications. The concept and design of RBAC is perfectly suited for use on both intranets and internets. It provides a secure and effective way to manage acce

9、ss to an organization’s Web information. This paper describes a research effort to develop RBAC on th</p><p>　　Introduction </p><p>　　Establishing and maintaining a presence on the World Wide We

10、b (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well-designed Web site can have a positive effect on their profitability. Enab

11、ling customers to answer their own questions by clicking their way through Web pages, instead of dealing with operators and voice response systems, increases the efficiency of the customer interface. Companies are seizin

12、</p><p>　　More recently companies have begun using web technology to service the public as well as private and internal clients. Web sites are set up to segregate some information from the general public, pr

13、oviding it to only selected or "private" clients. Typically, public internet is cordoned off from the general public by having user accounts and passwords. Additionally, Web sites are now running inside the com

14、pany often created for and by employees. These internal private nets or "intranets" use the i</p><p>　　The Web can be used as an inexpensive yet powerful alternative to other forms of communication

15、s. A plethora of corporate information (e.g., procedures, training materials, directories, forms) can be converted to electronic form and made available via the Web. With a single source for these materials the cost of m

16、aintenance is significantly reduced, while greatly simplifying the task of ensuring currency. Thus an objective of enterprise computing, creation of a company wide system irrespective of</p><p>　　Although th

17、e internet and intranets can offer great benefits to a company or government agency, security threats remain. To date net enthusiasts tend to focus on how to link people and businesses, not on using the network as a way

18、to run and manage businesses securely. Although existing Web servers can effectively provide all or nothing access to a particular Web site and a number of popular Web servers can even provide fairly fine grained access

19、control, they provide very primitive tools to adm</p><p>　　This paper describes the benefits of RBAC and an implementation of RBAC on the Web (RBAC/Web), and in particular as RBAC applies to an intranet comp

20、uting environment. This will provide Web administrators with a capability for the first time to centrally administer and regulate user access to information in a manner that is consistent with the current set of laws, re

21、gulations, and practices that face their business today. Although this paper focuses on intranets, the benefits, concepts and implem</p><p>　　RBAC Description </p><p>　　Role-based access control

22、 (RBAC) [1], [2], [3], [4], [5] is an alternative to traditional discretionary (DAC) and mandatory access control (MAC) policies that is attracting increasing attention [6], particularly for commercial applications. The

23、principal motivation behind RBAC is the desire to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure. Traditionally, managing security has required m

24、apping an organization's security polic</p><p>　　With RBAC, security is managed at a level that corresponds closely to the organization's structure. Each user is assigned one or more roles, where rol

25、es are based on the user's job responsibilities and competencies in the organization. Each role is assigned one or more privileges (e.g., information access, deletion, creation), see Figure 1. It is a user's memb

26、ership into roles that determine the privileges the user is permitted to perform. Security administration with RBAC consists of determinin</p><p>　　The RBAC framework provides for mutually exclusive roles as

27、 well as roles having overlapping responsibilities and privileges. For example, some general operations may be allowed by all employees, while other operations may be specific to a role. Role hierarchies are a natural wa

28、y of organizing roles within an organization and defining the relationship and attributes of the roles. Complexities introduced by mutually exclusive roles or role hierarchies as well as regulating who can perform what a

29、c</p><p>　　Separation of Duty </p><p>　　RBAC mechanisms can be used by a system administrator in enforcing a policy of separation of duties. Separation of duties is considered valuable in deterr

30、ing fraud since fraud can occur if an opportunity exists for collaboration between various job related capabilities. Separation of duty requires that for particular sets of transactions, no single individual be allowed t

31、o execute all transactions within the set. The most commonly used examples are the separate transactions needed to initiate a </p><p>　　We define static separation of duty to mean that roles which have been

32、specified as mutually exclusive cannot both be included in a user's set of authorized roles. With dynamic separation of duty, users may be authorized for two roles that are mutually exclusive, but cannot have both ro

33、les active at the same time. In other words, static separation of duty enforces the mutual exclusion rule at the time an administrator sets up role authorizations, while dynamic separation of duty enforces the rul</p&

34、gt;<p>　　Role Administration and Visualization </p><p>　　The roles are established, manipulated and viewed using the RBAC/Web Admin tool. The Admin tool allows system administrators to create and defi

35、ne roles, role hierarchies, relationships and constraints. Once the RBAC framework is established for the organization, the principal administrative actions are the granting and revoking of users into and out of roles as

36、 job assignments dictate. These maintenance tasks are easily performed using the Admin tool. </p><p>　　Additionally, the Admin tool is being enhanced to utilize the Virtual Reality Modeling Language (VRML, p

37、ronounced 'vermal'). VRML is an interactive, inter-networked, 3D graphics language for the Web. It is used to represent graphics, test, sound, and links to other content as either a static or dynamic picture on t

38、he Web. The inclusion of VRML into RBAC lets system administrators use an interactive computer model to check and validate the role structure, relationship, and privileges. Being able </p><p>　　The VRML comp

39、onent will enable authorized users to navigate the RBAC database, finding and linking roles, and displaying attributes and graphics associated with those roles. By presenting a 3D model of established roles, the user can

40、 easily see which roles are mutually exclusive as well as the hierarchical structure of related roles and conflicts between roles (see Figure 2). VRML's navigational controls allows the user to interactively 'wal

41、k-through' and manipulate the view perspective of the 3</p><p>　　RBAC Example </p><p>　　Consider the branch office of a bank. In this environment, there are roles such as branch manager, tel

42、ler, and account representative, as illustrated in Figure 2. </p><p>　　The graph structure shows role hierarchy. The role financial_advisor inherits the role account_rep. An individual authorized for the rol

43、e financial_advisor is permitted to perform all of the operations permitted to an individual authorized for the role account_rep. Thus, an individual in the role of financial_advisor is able to create and remove accounts

44、. Because account representatives, branch managers, internal auditors, and tellers are all employees of the bank, their corresponding roles inhe</p><p>　　In Figure 2, the role account_rep is highlighted, app

45、earing as a dark sphere, in order to show the other role relationships for account_rep. The roles teller and account_holder are shown as yellow rectangular solids to indicate that these roles have a "Dynamic Separat

46、ion of Duties" (DSD) relationship with the role account_rep. This relationship is a conflict in interest relationship indicating that an individual acting in the role of account_rep cannot also be acting in either o

47、f the roles of ac</p><p>　　The role internal_auditor is shown in a red hexahedron to indicate that this role has a "Static Separation of Duties" (SSD) relationship with the role account_rep. The SS

48、D relationship is also a conflict of interest relationship like the DSD relationship but much stronger. If two roles have a DSD relationship, then they may both be authorized for an individual but that individual may not

49、 act in both roles simultaneously. If two roles have a SSD relationship, then they may not even be authorized </p><p>　　The new version of the Admin tool using VRML will allow us to represent conflicts of in

50、terest and other relationships in a more natural way and view the scene from an infinite number of viewpoints. VRML allows complex 3D objects to be created for this purpose. The user can 'enter' a selected role a

51、nd explore several levels of detail (i.e., information) associated with that role. In addition, the sound capabilities of VRML can be utilized to give audio warnings when roles are used which cause con</p><p&g

52、t;　　RBAC for World Wide Web Applications </p><p>　　Role Based Access Control (RBAC) for the World Wide Web (RBAC/Web) is an implementation of RBAC for use by World Wide Web (Web) servers. Because RBAC/Web pl

53、aces no requirements on a browser, any browser that can be used with a particular Web server can be used with that server enhanced with RBAC/Web. RBAC/Web is implemented for both UNIX (e.g., for Netscape, NCSA, CERN, or

54、Apache servers) and Windows NT (e.g., for Internet Information Server, WebSite, or Purveyor) environments.</p><p>　　Components of RBAC/Web are shown in Table 1. RBAC/Web for UNIX uses all of the components i

55、n Table 1. Because built-in NT security mechanisms are closely compatible with RBAC, the NT version uses only the Database, Session Manager, and Admin Tool components. RBAC/Web for NT requires no modification of Web serv

56、er internals or access to source code. With RBAC/Web for UNIX, there are two ways to use RBAC/Web with a UNIX Web server.</p><p>　　The simplest way is by means of the RBAC/Web CGI. The RBAC/Web CGI can be us

57、ed with any existing UNIX server without modifying its source code. RBAC URLs are passed through the Web server and processed by the RBAC/Web CGI. RBAC/Web configuration files map URLs to file names, while providing acce

58、ss control based on the user's roles. Installation of the RBAC/Web CGI is similar to the installation of the Web server.</p><p><b>　　附錄B：中文翻譯</b></p><p>　　Web環(huán)境下基于角色的訪問控制</p&g

59、t;<p>　　John F. Barkley, D. Richard Kuhn, Lynne S. Rosenthal, Mark W. Skall, 和 Anthony V. Cincotta,</p><p>　　國家研究院所定規(guī)則及蓋瑟斯堡技術(shù)，馬里蘭20899 </p><p><b>　　摘要</b></p><p>

60、　　建立和維持一個萬維網(wǎng)（Web），它作為美國工業(yè)的一種附屬形式，已經(jīng)成為了買賣和銷售戰(zhàn)略中的重點。許多公司示范了一個設(shè)計良好的萬維網(wǎng)能讓他們在收益性上產(chǎn)生積極的效果。促成客戶藉由Web網(wǎng)頁按他們的方法獲得他們想要的訊息，而不是通過處理操作員或聲音回應(yīng)系統(tǒng)，以增加客戶接口的效率。</p><p>　　特別是對于嘗試使用萬維網(wǎng)服務(wù)器來管理多媒體環(huán)境安全的組織來說，最挑戰(zhàn)性的問題之一在于管理大的網(wǎng)絡(luò)系統(tǒng)時，所面對的安

61、全管理方面的復雜性。今天，安全管理昂貴和容易出錯是因為管理人通常單獨為每個在系統(tǒng)上的使用者指定訪問控制目錄。</p><p>　　基于角色的訪問控制（RBAC）是一種逐漸吸引人們注意的技術(shù)，特別是在商務(wù)應(yīng)用上，因為它具有減少大型網(wǎng)絡(luò)應(yīng)用的復雜性和費用的潛力。 RBAC的概念和設(shè)計是為了能完全適應(yīng)企業(yè)內(nèi)部網(wǎng)和因特網(wǎng)。它提供了一個安全有效的方法去管理和組織其萬維網(wǎng)信息的訪問。本文描述了如何才能致力于在萬維網(wǎng)上去應(yīng)用基

62、于角色的訪問控制。為使用萬維網(wǎng)協(xié)議的網(wǎng)絡(luò)服務(wù)器提供基于角色的訪問控制的安全和軟件組件，這些內(nèi)容都已經(jīng)被實現(xiàn)并且在本文中得到了描述?；诮巧脑L問控制組件能被用于商務(wù)的萬維網(wǎng)服務(wù)器上，并且不需要服務(wù)器軟件的修正。</p><p><b>　　引言</b></p><p>　　建立和維持一個萬維網(wǎng)（Web），作為美國工業(yè)的一種附屬形式，已經(jīng)成為了買賣和銷售戰(zhàn)略中的重點。許

63、多公司示范了一個設(shè)計良好的萬維網(wǎng)能讓他們在收益性上產(chǎn)生積極的效果。促成客戶藉由Web網(wǎng)頁按他們的方法獲得他們想要的訊息，而不是通過處理操作員或聲音回應(yīng)系統(tǒng)，以增加客戶接口的效率。公司紛紛抓住萬維網(wǎng)這樣一個迅速的精簡辦法——甚至不惜轉(zhuǎn)變他們的組織。</p><p>　　越來越多的新公司開始使用萬維網(wǎng)技術(shù)去為公眾或私人以及國內(nèi)客戶提供服務(wù)。萬維網(wǎng)站的建立是用來分隔一些來自普通大眾的信息，提供給他唯一的選擇或設(shè)定“私人

64、”用戶。具體才說，公共網(wǎng)絡(luò)封鎖住了使用者的帳戶和密碼以免公開。此外，在企業(yè)內(nèi)部運行的萬維網(wǎng)站經(jīng)常是為其雇員而產(chǎn)生設(shè)立的。這些內(nèi)部私人站點或使用基礎(chǔ)設(shè)施、因特網(wǎng)標準和萬維網(wǎng)的“內(nèi)部網(wǎng)”是通過防火墻來與公共網(wǎng)絡(luò)相封鎖的。萬維網(wǎng)能被當作一種可供選擇的便宜而又強有力的通信形式。過剩的企業(yè)信息（e.g.程序,訓練材料，目錄,表格）能經(jīng)由萬維網(wǎng)制作而被轉(zhuǎn)換為電子形式。借助此單一途徑，為這些材料維護的費用顯著地減少了，這也確保了流通任務(wù)的簡化。如此一

65、來，企業(yè)計算機的一個目的：創(chuàng)造一個公司的大型系統(tǒng)，在其下分布的信息科技系統(tǒng)內(nèi)的各部分是能被實現(xiàn)的。</p><p>　　雖然互聯(lián)網(wǎng)和內(nèi)部網(wǎng)能為公司或政府機構(gòu)提供非常好的利益，但安全威脅依然殘留。熱心者們往往集中于人或生意上，而忽視了以使用網(wǎng)絡(luò)作為運行和管理商業(yè)安全的方式。已經(jīng)存在的萬維網(wǎng)服務(wù)器能有效地提供所有的或不存在訪問給一個特別的網(wǎng)站，許多流行的萬維網(wǎng)伺候器甚至能更清楚而又細膩地提供訪問控制，他們提供非常原始

66、的工具來管理這些單一企業(yè)的遠程控制。</p><p>　　本文描述了有關(guān)基于角色的訪問控制和基于角色的訪問控制在萬維網(wǎng)環(huán)境下執(zhí)行（RBAC/Web）的優(yōu)勢，而且在個別項目中基于角色的訪問控制適用于一個企業(yè)內(nèi)網(wǎng)絡(luò)計算環(huán)境。今天在此將會第一次提供給萬維網(wǎng)管理人一種核心管理能力和管理使用者訪問信息的方式，同時與法規(guī)流向保持一致并適應(yīng)他們的商務(wù)要求。雖然本文的焦點在于企業(yè)內(nèi)部網(wǎng)、利益、觀念和和基于角色的訪問控制在萬維網(wǎng)環(huán)

67、境下的執(zhí)行，但對數(shù)據(jù)的限制訪問需要可以應(yīng)用在公司的因特網(wǎng)環(huán)境中。</p><p>　　基于角色的訪問控制描述</p><p>　　基于角色的訪問控制 (RBAC) 是傳統(tǒng)的隨意權(quán)限控制(DAC) 和強制性的訪問控制 (MAC) 的替代品，在商業(yè)申請后成為了一種正在不斷吸引人們注意的技術(shù) 。 在基于角色的訪問控制背后的主要推動力是自然的對組織結(jié)構(gòu)進行規(guī)定和加強企業(yè)專項安全性策略的渴望。傳統(tǒng)上

68、來說, 安全管理需要把組織的安全政策放置到一個相對低水平的控制上去,傳統(tǒng)地存取控制目錄。</p><p>　　藉由基于角色的訪問控制技術(shù)，安全在一個比較接近符合組織結(jié)構(gòu)的水平上被處理。 在角色以組織中的使用者其工作職責和能力為基礎(chǔ)的地方，每個使用者被分配一個或多個角色。每個角色又被分配一個或多個權(quán)限 (例如數(shù)據(jù)訪問，劃除,創(chuàng)造)。 只有進入決定特權(quán)使用者的角色范圍之內(nèi)后，使用者的全體操作才被允許?；诮巧脑L問控

69、制的安全管理使得只有當特定的操作者被判斷其動作可以被運行,然后分配職員到適當?shù)慕巧蟛拍苓M行。 </p><p>　　基于角色的訪問控制結(jié)構(gòu)可以提供給互斥的角色和角色有交疊處理職責的特權(quán)。 舉例來說，一些一般的操作可能被所有的職員允許,當其他的操作可能是對一個角色的特性時候。 角色層次是在一個組織里面組織角色而且定義關(guān)系和角色屬性的自然方法。 在基于角色的訪問控制軟件全部處理后，被互斥的角色或組織角色的復雜引入也

70、調(diào)節(jié)了誰能運行什么行動,何時, 從哪里, 以什么次序, 和在某些情形之下表示關(guān)系的環(huán)境。 </p><p><b>　　職責的分離</b></p><p>　　基于角色的訪問控制機制可能被系統(tǒng)管理人用在執(zhí)行一種政策分立的職責。自從面臨在類似的工作或機會中詐騙能夠發(fā)生后，分立的職責被認為在防止詐騙方面是有價值的。分立的職責必須是為了交易的特殊集合，沒有簡單單一的被允許去

71、執(zhí)行所有在集合里的交易。最常用的例子是</p><p>　　交易的分期付款和授權(quán)付款。沒有單個的個體能夠運行兩個交易。系統(tǒng)管理人對企業(yè)傳統(tǒng)的處理生意的方式是一個自然而又抽象化的程度控制訪問。且由靜止又動態(tài)地經(jīng)過角色，角色等級，關(guān)系和限制的建立和定義管理使用者的行動被達成了。 </p><p>　　我們定義靜態(tài)職責的分離意味著互斥的給定角色不能同時被包括在用戶的授權(quán)權(quán)限集合里。根據(jù)動態(tài)的職責

72、分離，用戶也許被授權(quán)了兩個互斥的角色，但是不能同時操控這兩個角色。換句話說，當一位管理人建立角色授權(quán)的時候，靜態(tài)職責的分離迫使規(guī)則互斥；而當一個用戶選擇角色的時候，動態(tài)職責的分離迫使規(guī)則同樣互斥。</p><p><b>　　管理和顯示角色</b></p><p>　　使用基于角色的訪問控制/萬維網(wǎng)管理工具的角色被建立和操縱。管理工具允許系統(tǒng)管理員產(chǎn)生并且定義角色，角

73、色層次，關(guān)系和限制。一旦基于角色的訪問控制結(jié)構(gòu)被確定是為了組織，首要的管理行動是用戶進入的許可和廢除并且缺乏對角色的分配指示。這些維護工作使用管理工具將被容易運行。</p><p>　　另外，管理工具正在被用以提高利用虛擬的真實靠模切語言（虛擬現(xiàn)實建模語言 ,發(fā)音 'vermal'）。虛擬現(xiàn)實建模語言 是交談式的、網(wǎng)際企業(yè)式的、同時也是用于萬維網(wǎng)的3D立體圖形語言。它用來表現(xiàn)圖形，測試，聲音和萬維

74、網(wǎng)上任意靜態(tài)或動態(tài)圖象的鏈接內(nèi)容?；诮巧脑L問控制的虛擬現(xiàn)實建模語言 讓系統(tǒng)管理人使用一個交談式計算機模型檢查，而且使角色結(jié)構(gòu)，關(guān)系和特權(quán)有效。能夠觀察和互相影響復雜的模型，允許管理人識別沖突，根除缺點而且早在基于角色的訪問控制安裝時就對安裝啟用進行改良。</p><p>　　虛擬現(xiàn)實建模語言 成份將會使經(jīng)認可的使用者能夠執(zhí)行基于角色的訪問控制數(shù)據(jù)庫，發(fā)現(xiàn)而且鏈接角色，而且顯示屬性和被和那些角色整合的圖形。藉由

75、一個確定角色的3D立體模型呈現(xiàn)，用戶能很容易地看出哪一個角色是互斥的和在角色之間的相關(guān)角色，以及沖突的階層結(jié)構(gòu)。虛擬現(xiàn)實置標語言的導航控制允許使用者以交互式“初排”而且操縱 3D立體模型的視野遠景,即一個場景曲線圖。舉例來說，當看“平面” 或2 D 曲線圖的時候，角色關(guān)系可能已經(jīng)被隱藏的情況下場景曲線圖可能被旋轉(zhuǎn)來顯示曲線圖的“背部”。為了改善可讀性、清晰度和適應(yīng)性，角色層次被組織成層，而每個層又包含著其它級別的細節(jié)。通過一個角色，角色

76、能開啟和展現(xiàn)相關(guān)的角色層或角色信息。例如，與特權(quán)相關(guān)的角色或一個用戶的從屬清單。</p><p>　　基于角色的訪問控制舉例</p><p>　　考慮銀行的分公司。 在這環(huán)境中,有角色 , 像是部門經(jīng)理，講話者和帳戶代表。</p><p>　　曲線圖結(jié)構(gòu)展示了角色的層次，角色financial_advisor繼承了角色account_rep。單獨被授權(quán)的角色fina

77、ncial_advisor被允許進行所有account_rep角色所能進行的活動。因此，被授權(quán)的角色financial_advisor能夠創(chuàng)建和修改帳戶。因為帳戶代表，部門經(jīng)理，內(nèi)部的審計員和出納員都是銀行的職員,他們的對應(yīng)角色也繼承了職員的角色。 </p><p>　　在圖2中，角色account_rep是突出的，為了顯示其他角色關(guān)系，account_rep的表現(xiàn)形式是一個暗球的形狀。出納員角色和account

78、_holder以黃色矩形顯示是為了說明這些角色與account_rep有一個“動態(tài)權(quán)責區(qū)分”（DSD）的關(guān)系。這個關(guān)系是一個抵觸的利益關(guān)系指標，而account_rep 角色的個體權(quán)限不能在另一半的account_holder或teller角色上被給予權(quán)限。銀行的政策是帳戶代表或銀行職員能有銀行的帳戶，但是如此的個體在處理其它的帳戶時候不可能同時處理他們的個人帳戶。同樣的，因為一個出納員有一個公開的現(xiàn)金抽屜且在關(guān)閉時一定結(jié)算了。一個坐在

79、遠離出納員桌子上的account_rep角色即使被授權(quán)了出納員的角色也不能同時被允許擁有出納員的個體行動權(quán)限。</p><p>　　角色internal_auditor的表現(xiàn)形式是一個紅色的六面體形狀是為了說明這些角色與account_rep有一個“靜態(tài)權(quán)責區(qū)分”（SSD） 的關(guān)系。這個靜態(tài)權(quán)責區(qū)分的關(guān)系同樣是一個和動態(tài)權(quán)責區(qū)分關(guān)系一樣相互抵觸的利益關(guān)系，但是這個關(guān)系更強勁一些。如果兩個角色間有一個動態(tài)權(quán)責區(qū)分的

80、關(guān)系，那么他們可能同樣被一個個體所授權(quán)，但是那個個體不可能同時在兩個角色上被運用。如果兩個角色間有一個靜態(tài)權(quán)責區(qū)分的關(guān)系，那么他們不可能同樣被一個個體所授權(quán)。在這一個例子中，銀行的政策是在internal_auditor 和 account_rep的角色之間有一個基本的利害沖突，這二個角色可能無法被相同的個體所授權(quán)。</p><p>　　使用虛擬現(xiàn)實建模語言的管理工具的新版本將會允許我們以一種自然的方法表現(xiàn)相互抵

81、觸的利益或是其它關(guān)系，而且是由無數(shù)的情況所組成的。虛擬現(xiàn)實建模語言允許復雜的3D立體物體為這一個目的而被產(chǎn)生。使用者能“進入”一個被挑選出的角色而且探究一些和那個角色相互關(guān)聯(lián)的程度方面的細節(jié)（也就是數(shù)據(jù)）。除此之外，當角色被應(yīng)用的時候，虛擬現(xiàn)實建模語言的聲音能力可能可能被利用上，在引起利害沖突、當不合適的程序被用或其他問題的時候給予聲音的警告。 </p><p>　　基于角色的訪問控制在萬維網(wǎng)中的應(yīng)用</p

82、><p>　　為萬維網(wǎng)(RBAC/Web)而設(shè)的基于角色的訪問控制(RBAC)是萬維網(wǎng)(Web)服務(wù)器對基于角色的訪問控制技術(shù)的具體執(zhí)行。因為RBAC/Web點沒有瀏覽器上的需求, 任何瀏覽器都能被用于一個特殊的用以增強RBAC/Web服務(wù)器的Web服務(wù)器。RBAC/Web同時被UNIX（舉例來說，對網(wǎng)景，NCSA，CERN 或阿帕契伺候器）和Windows NT（舉例來說, 對英特網(wǎng)數(shù)據(jù)伺候器，網(wǎng)站或承辦商）環(huán)境所

83、應(yīng)用</p><p>　　RBAC/Web的組件在表1中被顯示?；赨NIX的RBAC/Web可以使用表1中的所有組件。因為內(nèi)建的NT安全機制與基于角色的訪問控制非常適合，NT版本只使用數(shù)據(jù)庫，會話管理員，和管理工具組件。NT的RBAC/Web需要Web伺候器的無修正或原代碼的訪問?；赨NIX的RBAC/Web有兩種途徑以UNIX Web服務(wù)器來使用RBAC/Web。</p><p>