Role-based access control model provides no way for automatic user-role assignment.An attribute-based access model can automate the assignment process with fine-grain and can reduce the cost to user-role assignment.This article describes the model of AURA,the static attribute-based role assignment rules,the dynamic attribute-based role assignment rules for constraint and an instance of AURA in an opening application system.%基于角色的访问控制模型没有给出用户角色指派的实现方式,一种基于属性的用户角色自动指派机制,既可以实现细粒度的用户角色自动指派,又可以有效地减少为用户分配角色过程中的代价。本文详细介绍了用户角色自动指派的模型、基于静态属性的指派规则、基于动态属性约束的指派规则以及在某开放系统中的角色自动指派实现实例。
展开▼
