基于OB4LAC的政府组织授权系统模型研究
|
摘要
人类社会的许多活动都以组织的形式进行。组织产生于社会分工和专业化,并随着科学技术的进步和生产社会化程度的提高而日益复杂。在现代社会中,由于各种活动规模扩大,与环境的关系日益复杂,完成目标需要更复杂的协同工作和劳动,因此,组织的作用就愈发显得巨大而不可替代。组织结构则是组织的重要组成部分,是组织运作的重要手段。政府的组织结构是指政府存在的形式,组织结构涉及到组织内部各构成部分和人员的具体分工和职能划分问题,它决定组织系统的整体性、各种机构和人员之间纵横交错的权责关系、工作分工、协调、沟通的具体方法。从本质上讲,政府是一个按照一定目的和意图构成的复杂的组织,具有程序化的结构和相应的特性。
中国政府组织的信息化建设正在逐步向前推进,随着大规模网络系统的应用和部署,信息安全面临严峻的挑战,使组织授权问题受到学者和研究机构越来越多的关注,并成为研究热点。随着理论探讨的不断深入和实践经验的不断总结,OB4LAC(Organization Based 4 Levels Access Control)模型对分布式系统的安全保障起到了至关重要的作用。为了让组织授权岗位本体发挥最大的作用,就需要让组织授权岗位本体得到充分的共享。为了使得在开发组织授权岗位本体时尽可能的节省人力,就需要使得开发出的组织授权岗位本体能够被重用。组织授权岗位模型需要得到岗位本体支持才能发挥方便快捷的授权优势,同时为了实现分布式的组织授权结构,岗位本体的构建是十分重要的一环。
本文通过对现有的各种安全体系和安全验证方式的比较,基于OB4LAC提出了描述用户、岗位、角色和操作之间关系的详细算法,包括组织授权结构中的单层关系模型和多层关系模型,同时对分布式组织授权系统中的岗位及其与用户、角色和操作的关系进行了重点研究,并使用OWL对岗位的构成方式和逻辑规则进行了详细的描述。主要内容如下:
(1)组织结构涉及到组织内部各构成部分和人员的具体分工和职能划分问题,它决定组织系统的整体性、各种机构和人员之间纵横交错的权责关系、工作分工、协调、沟通的具体方法。对政府组织结构进行分析,按照现行的体系进行结构划分,得出便于模型化的组织结构形式,即横向结构和纵向结构。通过改进已有模型,在用户和角色中间增加岗位,通过“用户-岗位-角色-操作”的关系来实现用户权限的合理分配,降低系统维护工作量,使组织授权系统结构更加贴近现实,以使系统达到的最佳运行状态。面向组织授权系统,针对目前的授权模型框架方面存在的不足,给出了一种基于OB4LAC的岗位网络模型框架。
(2)分析构成岗位本体的组成元素,基于岗位本体的数据结构进行了设计,对岗位本体的属性数据进行了描述。对岗位本体的构成方式及特性进行了分析,并给出了相应的代码示例。由于现实中组织授权系统的分布性特点,所创建的相应OWL本体必须允许信息能够从分布的信息源收集起来。其中,允许组织授权岗位本体间相互联系,包括导入其他组织授权岗位本体的信息,从而实现分布式系统中的用户识别、操作授权功能。
(3)为了让组织授权岗位本体发挥最大的作用,需要让组织授权岗位本体得到充分的共享。为了使得在开发组织授权岗位本体时尽可能的节省人力,需要使得开发出的组织授权岗位本体能够被重用。分析组织授权岗位本体的逻辑结构,对构成岗位本体的组成元素进行了系统的分析和总结,对不同层次,不同区域的本体间建立关联所需的必要逻辑条件进行了分析和举例。对岗位间的等价规则、同一性规则和差异性规则进行了描述。
(4)现实中对于人的识别主要通过相貌、身份、姓名、性别、年龄、住址等进行识别,用户本体可以借鉴这些要素,并对这些要素进行分析、整理、关联,使之结构化,从而形成不同的用户本体间的关联。网络中的用户对应于现实中的人的个体。为了清晰的在系统中描述人的特征,需要建立可推理的描述用户的本体。基于不同的应用系统,有不同的用户群存在,而这些用户之间不是孤立的,这种关联与现实社会中人的关联类似。通过对用户、岗位、角色、操作的分析,文中建立了组织授权系统单层关系模型和组织授权系统多层关系模型,并给出了相应的算例。
(5)通过对国家安全生产监督体系结构进行了分析和抽象,对人员与岗位的映射及管理方式进行了分析和设计,对大规模的组织授权系统提出了集中式部署和分散式部署。组织授权的单层关系和多层关系在应用中发挥了重要作用,从应用的角度论证了本文所提出的理论与方法的科学性与有效性。
Many activities of human society are performed with a form of organization.Organization came from the social division of labor and specialization,and becomes more complex with the progress of science and technology,and the improvement of socialized production.In modern society,because of the enlargement of scale of all kinds of activities and the complexity with environment,more complex cooperation work and labor are needed to accomplish the targets. The function of the organization is so important to be irreplaceable.The structure is a key part of an organization.The structure of government refers to the existence form of government and it comes down to work division of the internal parts and personnel.This is so close to the integration of the system.Government is defined as the body within an organization that has authority and function to make and the power to enforce laws,regulations,or rules.
The construction for informationization of China government is going forward step by step.The information security is being challenged with the deployment and application of large scale network system,so many scholars and institutes focus on the organization authorization. With the ongoing theory research and practice,OB4LAC(Organization Based 4 Levels Access Control) model plays an important role in protecting the large scale distributed system. The organization authorization ontology should be shared efficiently to maximize the function of the ontology.Only when the ontology can be reused,we can reduce the workload of development of the ontology.The superiority of the organization authorization model can be shown with the support of the position ontology.It is an important process to construct the position ontology to realize the organization authorization structure.An algorism,based on OB4LAC,was put forward in detail for describing the relationship between user,position,role and operation by comparing with different security systems and safety verification methods. The single-layer mapping model and multi-layer mapping model were included.The author laid emphasis on the research of description about the position and its relationship with user, role and operation in distributed organization authorization system.And also the author described the component and logic rules of position in detail with OWL.
(1) Getting the organization structure,horizontal and vertical structure,this can be formalized easily by analyzing the structure of the sections and departments of the government. A position layer was added between the user layer and role layer.With the four layers, user-position-role-operation,the access control of the authorization system becomes more reasonable.And the workload of maintenance for the system was reduced greatly.This made the organization authorization was more close to the reality.
(2) The attribute data of position ontology was described,the elements components which consist of the position ontology were analyzed and the data structure of the position was designed in this paper.Some parts of the source code were given in this paper.Because of the distribution of the authorization system in practice,there is a need to collect the information from distributed information source by the OWL ontology.This can realize the user identification and operation authorization in distribution circumstance.
(3) The organization authorization ontology should be shared efficiently to maximize the function of the ontology.Only when the ontology can be reused,we can reduce the workload of development of the ontology.The logic rules of the position ontology in organization authorization system were analyzed and summarized.The necessary logic rules for the connection of ontology in different region and layers were discussed,and followed by some examples.The rules about equivalence,identity,and otherness were described.
(4) In the reality we can indentify a person by looking,status,name,gender,age,address, and so on.The user ontology can rely on these elements to form the relation of different users. For describing the characters of user clearly in the system,the user ontology for reasoning should be created.There are different groups of user base on different systems.It is not standing alone between the users.The relationship of the users in the system is similar to the people in real life.A single-layer mapping model and a multi-layer mapping model were founded by analyzing the relationship between user,position,role and operation.And the relating examples were given.
(5) Analyzing and designing the mapping of user and position for the state administration of safety work of China.Integrated deployment and distributed deployment were both suggested in large scale organization authorization systems.Single-layer and multi-layer model played important roles in the application.
中国政府组织的信息化建设正在逐步向前推进,随着大规模网络系统的应用和部署,信息安全面临严峻的挑战,使组织授权问题受到学者和研究机构越来越多的关注,并成为研究热点。随着理论探讨的不断深入和实践经验的不断总结,OB4LAC(Organization Based 4 Levels Access Control)模型对分布式系统的安全保障起到了至关重要的作用。为了让组织授权岗位本体发挥最大的作用,就需要让组织授权岗位本体得到充分的共享。为了使得在开发组织授权岗位本体时尽可能的节省人力,就需要使得开发出的组织授权岗位本体能够被重用。组织授权岗位模型需要得到岗位本体支持才能发挥方便快捷的授权优势,同时为了实现分布式的组织授权结构,岗位本体的构建是十分重要的一环。
本文通过对现有的各种安全体系和安全验证方式的比较,基于OB4LAC提出了描述用户、岗位、角色和操作之间关系的详细算法,包括组织授权结构中的单层关系模型和多层关系模型,同时对分布式组织授权系统中的岗位及其与用户、角色和操作的关系进行了重点研究,并使用OWL对岗位的构成方式和逻辑规则进行了详细的描述。主要内容如下:
(1)组织结构涉及到组织内部各构成部分和人员的具体分工和职能划分问题,它决定组织系统的整体性、各种机构和人员之间纵横交错的权责关系、工作分工、协调、沟通的具体方法。对政府组织结构进行分析,按照现行的体系进行结构划分,得出便于模型化的组织结构形式,即横向结构和纵向结构。通过改进已有模型,在用户和角色中间增加岗位,通过“用户-岗位-角色-操作”的关系来实现用户权限的合理分配,降低系统维护工作量,使组织授权系统结构更加贴近现实,以使系统达到的最佳运行状态。面向组织授权系统,针对目前的授权模型框架方面存在的不足,给出了一种基于OB4LAC的岗位网络模型框架。
(2)分析构成岗位本体的组成元素,基于岗位本体的数据结构进行了设计,对岗位本体的属性数据进行了描述。对岗位本体的构成方式及特性进行了分析,并给出了相应的代码示例。由于现实中组织授权系统的分布性特点,所创建的相应OWL本体必须允许信息能够从分布的信息源收集起来。其中,允许组织授权岗位本体间相互联系,包括导入其他组织授权岗位本体的信息,从而实现分布式系统中的用户识别、操作授权功能。
(3)为了让组织授权岗位本体发挥最大的作用,需要让组织授权岗位本体得到充分的共享。为了使得在开发组织授权岗位本体时尽可能的节省人力,需要使得开发出的组织授权岗位本体能够被重用。分析组织授权岗位本体的逻辑结构,对构成岗位本体的组成元素进行了系统的分析和总结,对不同层次,不同区域的本体间建立关联所需的必要逻辑条件进行了分析和举例。对岗位间的等价规则、同一性规则和差异性规则进行了描述。
(4)现实中对于人的识别主要通过相貌、身份、姓名、性别、年龄、住址等进行识别,用户本体可以借鉴这些要素,并对这些要素进行分析、整理、关联,使之结构化,从而形成不同的用户本体间的关联。网络中的用户对应于现实中的人的个体。为了清晰的在系统中描述人的特征,需要建立可推理的描述用户的本体。基于不同的应用系统,有不同的用户群存在,而这些用户之间不是孤立的,这种关联与现实社会中人的关联类似。通过对用户、岗位、角色、操作的分析,文中建立了组织授权系统单层关系模型和组织授权系统多层关系模型,并给出了相应的算例。
(5)通过对国家安全生产监督体系结构进行了分析和抽象,对人员与岗位的映射及管理方式进行了分析和设计,对大规模的组织授权系统提出了集中式部署和分散式部署。组织授权的单层关系和多层关系在应用中发挥了重要作用,从应用的角度论证了本文所提出的理论与方法的科学性与有效性。
Many activities of human society are performed with a form of organization.Organization came from the social division of labor and specialization,and becomes more complex with the progress of science and technology,and the improvement of socialized production.In modern society,because of the enlargement of scale of all kinds of activities and the complexity with environment,more complex cooperation work and labor are needed to accomplish the targets. The function of the organization is so important to be irreplaceable.The structure is a key part of an organization.The structure of government refers to the existence form of government and it comes down to work division of the internal parts and personnel.This is so close to the integration of the system.Government is defined as the body within an organization that has authority and function to make and the power to enforce laws,regulations,or rules.
The construction for informationization of China government is going forward step by step.The information security is being challenged with the deployment and application of large scale network system,so many scholars and institutes focus on the organization authorization. With the ongoing theory research and practice,OB4LAC(Organization Based 4 Levels Access Control) model plays an important role in protecting the large scale distributed system. The organization authorization ontology should be shared efficiently to maximize the function of the ontology.Only when the ontology can be reused,we can reduce the workload of development of the ontology.The superiority of the organization authorization model can be shown with the support of the position ontology.It is an important process to construct the position ontology to realize the organization authorization structure.An algorism,based on OB4LAC,was put forward in detail for describing the relationship between user,position,role and operation by comparing with different security systems and safety verification methods. The single-layer mapping model and multi-layer mapping model were included.The author laid emphasis on the research of description about the position and its relationship with user, role and operation in distributed organization authorization system.And also the author described the component and logic rules of position in detail with OWL.
(1) Getting the organization structure,horizontal and vertical structure,this can be formalized easily by analyzing the structure of the sections and departments of the government. A position layer was added between the user layer and role layer.With the four layers, user-position-role-operation,the access control of the authorization system becomes more reasonable.And the workload of maintenance for the system was reduced greatly.This made the organization authorization was more close to the reality.
(2) The attribute data of position ontology was described,the elements components which consist of the position ontology were analyzed and the data structure of the position was designed in this paper.Some parts of the source code were given in this paper.Because of the distribution of the authorization system in practice,there is a need to collect the information from distributed information source by the OWL ontology.This can realize the user identification and operation authorization in distribution circumstance.
(3) The organization authorization ontology should be shared efficiently to maximize the function of the ontology.Only when the ontology can be reused,we can reduce the workload of development of the ontology.The logic rules of the position ontology in organization authorization system were analyzed and summarized.The necessary logic rules for the connection of ontology in different region and layers were discussed,and followed by some examples.The rules about equivalence,identity,and otherness were described.
(4) In the reality we can indentify a person by looking,status,name,gender,age,address, and so on.The user ontology can rely on these elements to form the relation of different users. For describing the characters of user clearly in the system,the user ontology for reasoning should be created.There are different groups of user base on different systems.It is not standing alone between the users.The relationship of the users in the system is similar to the people in real life.A single-layer mapping model and a multi-layer mapping model were founded by analyzing the relationship between user,position,role and operation.And the relating examples were given.
(5) Analyzing and designing the mapping of user and position for the state administration of safety work of China.Integrated deployment and distributed deployment were both suggested in large scale organization authorization systems.Single-layer and multi-layer model played important roles in the application.
引文
[1]蔡立辉.电子政务:信息时代的政府再造.北京:中国社会科学出版社,2004.
[2]Purcareal,Anca Alexandra,Fleaca,Elena.Toward a system approach for power and influence in organization.UPB Scientific Bulletin,Series D:Mechanical Engineering,v 69,n 2,p 93-104,2007
[3]Kushtina,Emma,Zaikin,Oleg,Rozewski,Przemysaw,Maachowski,Bartomiej.Cost estimation algorithm and decision-making model for curriculum modification in educational organization.European Journal of Operational Research,v 197,n 2,p 752-763,September 1,2009
[4]Price,Colin,Roxburgh,Charles,Turnbull,David.Strategizing and Organizing for Performance and Health.Long Range Planning,v 39,n 6,p 649-662,December 2006.
[5]Zhang,Haizheng,Lesser,Victor.Forming and searching content-based hierarchical agent clusters in distributed information retrieval systems.Web Intelligence and Agent Systems,v 4,n 4,p 353-370,2006
[6]Lim,Eun-Pa,Simmonds,Ian.Southern hemisphere winter extratropical cyclone characteristics and vertical organization observed with the ERA-40 data in 1979-2001.Journal of Climate,v 20,n 11,p 2675-2690,June 1,2007
[7]Lui,Richard W.C.,Hui,Lucas C.K.,Yiu,S.M..Delegation with supervision.Information Sciences,v 177,n 19,p 4014-4030,October 1,2007
[8]Vat,Kam Hou.Developing a learning organization model for problem-based learning:The emergent lesson of education from the IT trenches.Journal of Cases on Information Technology,v 8,n 2,p 82-109,2006
[9]American National Standards Institnte.Criteria for performance excellence-Malcolm Baldrige National Quality Program[S],2007.
[10]Reinhardt A Botha,Jan H P Eloff.Separation of duties for access control enforcement in workflow environments[J].IBM Systems Journal,2001,40(3):6662682.
[11]Kumar A.A framework for handling delegation in workflow management systems[C].Proceedings of Work shop on Information,Charlotte,NC,1999.
[12]Botha R A,Eloff J H P.Designing role hierarchies for access control in workflow systems[C].Computer Software and Applications Conference,2001.COMPSAC 2001.25th Annual International,2001,117 2122.
[13]Castano S,Casati F,FuginiM.Managing workflow authorization constraints through active database technology[J].Information Systems Frontiers,2001,3(3):2.
[14]Liu Jianxun et al.Study on the application of role2based access control in workflow management system[J].Mini Micro Systems,2003,24(6):106721070.
[15]Zhang Long-Hua,Ahn Gail-Joon,Chu Bei-Tseng.A rule-based framework for role-based delegation.In:Proceedings of the 6th ACM Symposium on Access Control Models and Technologies,Chantilly,Virginia,USA,2001,153-162.
[16]Zhang Xin-wen,Oh Sejong,Sandhu R..PBDM:A flexible delegation model in RBAC.In:Proceedings of the 8th Symposium on Access Control Models and Technologies,Como,Italy,2003,149-157.
[17]Stoupa K.,Vakali A.,Li Fang,Tsoukalas I..XML-based revocation and delegation in a distributed environment.In:Proceedings of the EDBT Internatinal Workshop on Database Technologies for Handling XML information on the Web,Heraklion,Greece 2004,299-308.
[18]于淼,王延章.基于角色网络模型的电子政务系统框架的研究与实现.计算机工程与应用.2003,12(0031):31-35.
[19]Lee Hyung-Hyo,Lee Yonung-Rok,Noh Bong-Ham.A new role-based delegation model using sub-role Hierarchies.In:Proceedings of the 18th International Symposium on Computer and Information Sciences,Antalya,Turkey,2003,811-818
[20]于淼,王延章.一种基于角色网络模型的电子政务系统框架及其实现研究[J].计算机工程与应用,2003,(12):31-35.
[21]于淼,王延章,刘继山.支持政务流程再造的电子政务系统平台设计[J].计算机集成制造系统2CIMS,2004,10(3):352-358.
[22]Foster I.,Kesselman C.,Tuecke S..The anatomy of the grid.International Journal of High performance Computing Applications,2001,15(3):200-222.
[23]俞坚,韩燕波.面向服务的计算——原理及应用,北京:清华大学出版社,2006.
[24]Han Y.,Geng H.,Li H.et al.VINCA—A visual and personalized business-level composition language for chaining Web-based services.In:Proceedings of the 1st International Conference on Service-Oriented Computing,Trento,Italy,2003,165-177.
[25]Foster 1.,Kesselman C.,Pearlman L.,Tueeke S.,Welch V..The community authorization service:Status and future.In:Proceedings of the Computing in High Energy Physics,La Jolla,California,USA,2003.
[26]Alferi R.,Cecchini R.,Ciaschini V.et al.From gridmap-fi]e to VOMS:Managing authorization ina grid environment.Future Generation Computer Systems Journal,2005,21(4):549-588.
[27]Sandhu R.S.,Coyne E.J.,Feinstein H.L.,Youman C.E..Role-based control models.IEEE Computer,1996,29(2):38-47.
[28]David F.Ferriolo et al.Proposed NIST standard for role-based access control.ACM Transactions on Information and System Security,2001,4(3):224-274.
[29]Barka E.,Sandhu R.,Framework for role-based delegation model.In:Proceedings of the 23rd National Information Systems Security Conference,Baltimore,MD,2000,101-104.
[30]Zhang Long-Hua,Ahn Gail-Joon,Chu Bei-Tseng.A rule-based framework for role-based delegation.In:Proceedings of the 6th ACM Symposium on Access Control Models and Technologies,Chantilly,Virginia,USA,2001,153-162.
[31]Zhang Xin-wen,Oh Sejong,Sandhu R..PBDM:A flexible delegation model in RBAC.In:Proceedings of the 8th Symposium on Access Control Models and Technologies,Como,Italy,2003,149-157.
[32]Stoupa K.,Vakali A.,Li Fang,Tsoukalas I..XML-based revocation and delegation in a distributed environment.In:Proceedings of the EDBT Internatinal Workshop on Database Technologies for Handling XML information on the Web,Heraklion,Greece 2004,299-308.
[33]赵庆松,孙玉芳,孙波.RPRDM——基于重复和部分角色的转授权模型.计算机研究与发展,2003,40(2):221-227.
[34]Lee Hyung-Hyo,Lee Yonung-Rok,Noh Bong-Ham.A new role-based delegation model using sub-role Hierarchies.In:Proceedings of the 18th International Symposium on Computer and Information Sciences,Antalya,Turkey,2003,811-818.
[35]Sandhu R.,Bhamidipati V.,Munawer Q.The ARBAC97 model for role-based administration of roles.ACM Transactions on Information and System Security,1999,2(1):105-135.
[36]孙波,赵庆松,孙玉芳.TRDM—具有时限的基于角色的转授权模型.计算机研究与发展,2004.41(7):1104-1109.
[37]Osborn S.,Sandhu R.,Munawer Q.Configuring role-based access control to enforce mandatory and discretionary access control policies.ACM Transactions on Information and Systems Security,2000,3(2):85-106.
[38]Sandhu RS,Coyne EJ,Feinstein HL,Youman CE.Role-Based access control models.IEEE Computer,1996,29(2):38 47.
[39]Sandhu RS.Rationale for the RBAC96 family of access control models.In:Youman C,Sandhu R,Coyne E,eds.Proc.of the 1st ACM Workshop on Role-Based Access Control.New York:ACM Press,1996.
[40]Ferraiolo D,Kuhn R.Role-Based access control.In:Proc.of the 15th National Computer Security Conf.1992.554 563.http://csrc.nist.gov/rbac/ferraiolo-kuhn-92.pdf
[41]ANSI INCITS 359-2004.Role Based Access Control.American National Standard for Information Technology,2004.
[42]Chen F,Sandhu R.Constraints for role-based access control.In:Youman C,Sandhu R,Coyne E,eds.Proc.of the 1st ACM Workshop on Role-Based Access Control.New York:ACM Press,1996.
[43]Gligor VD,Gavrila SI,Ferraiolo D.On the formal definition of separation-of-duty policies and their composition.In:Proc.of the 1998 IEEE Computer Society Symp.on Research in Security and Privacy.Washington,DC:IEEE Computer Society Press,1998.172 183.
[44]Jaeger T.On the increasing importance of constraints.In:Proc.of the 4th ACM Workshop on Role-Based Access Control.New York:ACM Press,1999.33 42.http://portal,acm.org/ft_gateway.cfm?id=319175&type=pdf
[45]Bertino E,Bonatti PA,Ferrari E.TRBAC:A temporal role-based access control model.ACM Trans,on Information and System Security,2001,4(3):191 233.
[46]Joshi JBD,Bertino E,Ghafoor A.Temporal hierarchy and inheritance semantics for GTRBAC.In:Proc.of the 7th ACM Symp.On Access Control Models and Technologies.New York:ACM Press,2002.74 83.http://shay.ecn.purdue.edu/~dmultlab/Security/sacmat2002.pdf
[47]Joshi JBD,Shafiq B,Ghafoor A,Bertino E.Dependencies and separation of duty constraints in GTRBAC.In:Proc.of the 8th ACM Symp.on Access Control Models and Technologies.New York:ACM Press,2003.51 64.http://shay.ecn.purdue.edu/"dmultlab/Security/p313-joshi.pdf
[48]Ahn GJ,Sandhu R.Role-Based authorization constraints specification.ACM Trans.on Information and System Security,2000,3(4):207 226.
[49]Dong GY,Qing SH,Liu KL.Role-Based authorization constraint with time character.Journal of Software,2002,13(8):1521 1527(in Chinese with English abstract).http://www.jos.org.cn/1000-9825/13/1521.pdf
[50]Bertino E,Bonatti PA,Ferrari E.TRBAC:A temporal role-based access control model.ACM Trans,on Information and System Security,2001,4(3):191 233.
[51]Joshi JBD,Bertino E,Ghafoor A.Temporal hierarchy and inheritance semantics for GTRBAC.In:Proc.of the 7th ACM Symp.On Access Control Models and Technologies.New York:ACM Press,2002.74 83.http://shay.ecn.purdue.edu/~dmultlab/Security/sacmat2002.pdf
[52]Huaiming Li,Yanzhang Wang,Feng Ding,Tian Ma,Research and realization of information exchange and share platform for municipal government,2006 IEEE International Conference on Service Operations and Logistics,and Informatics.
[53]Xu Z,Feng DG,Li L,Chen H.UC-RBAC:A usage constrained role-base access control model.In:Qing SH,Gollmann D,Zhou TY,eds.Proc.of the 5th Int'1 Conf.on Information and Communications Security.LNCS 2836,Heidelberg:Springer-Verlag,2003.337 347.
[54]Barka E,Sandhu R.Framework for role-based delegation models[C].Proceedings of the 16th Annual Computer Security Applications Conference,New Orleans:IEEE Press,2000:168-176.
[55]Sandhu R,Bhamidipati V,Munawer Q.The ARBAC97 model for role-based administration of roles[J].ACM Transactions on Information and System Security,1999,2(1):105-135.
[56]Barka E,Sandhu R.A role-based delegation model and some extensions[C].Proceedings of 23rd National Information Systems Security Conference,Baltimore:NIST,2000:101-114.
[57]Zhang L H,Ahn G J,Chu B T.A rule-based framework for rolebased delegation[J].ACM Trans on Information and System Security,2003,6(3):404-441.
[58]Barka E,Sandhu R.Role-based delegation model/hierarchical roles(RBDM1)[C].Proceedings of the 20th Annual Computer Security Application Conference,Washington,DC:IEEE Press,2004:396-404.
[59]洪帆,段素娟,黎成兵.基于图的委托授权模型[J].北京邮电大学学报,2005,28(6):5-8.
[60]徐震,李斓,冯登国.基于角色的受限委托模型[J].软件学报,2005,16(5):970-978.
[61]郭太生:美国公共安全危机事件应急管理研究.中国人民公安大学学报2003 19(6):16-25.
[62]顾林生.东京大城市防灾应急管理体系及启示.防灾技术高等专科学校学报,2005,7(2):5-13.
[63]Bammidi,P.;Moore,K.L;Emergency management systems:a systems approach,Volume 2,2-5 Oct.1994 Page(s):1565-1570 vol.2
[64]姚杰,池宏,计雷.带有潜变量的结构方程模型在突发事件应急管理中的应用.中国管理科学,2005,02.
[65]Nakatani,N.:Yamasaki,S.;Takahashi,K.:Hijikata,Y.;Communication support system for emergency management,SICE 2002.Proceedings of the 41st SICE Annual Conference,Volume 3,5-7 Aug.2002 Page(s):1647-1650.
[66]罗伯特.希斯著,王成等译,危机管理.中信出版社,2000.
[67]杨尔弘;突发事件信息提取研究(博士论文).北京语言大学 2005,6.
[68]姚杰,计雷,池宏;突发事件应急管理中的动态博弈分析.应用研究,2005,17(3):46-51.
[69]Brady,T.F.;Emergency management:capability analysis of critical incident response Simulation Conference,2003.Proceedings of the 2003 Winter Volume 2,7-10 Dec.2003 Page(s):1863-1867
[70]Atoji,Y.;Koiso,T.;Information filtering for emergency management Robot and Human Interactive Communication,2000.RO-MAN 2000.Proceedings.9th IEEE International Workshop on 27-29 Sept.2000 Page(s):96-100.
[71]Diniz,V.B.;Borges,M.R.S.;Gomes,J.O.;Canos,J.H.;Knowledge management support for collaborative emergency response,Computer Supported Cooperative Work in Design,2005.Proceedings of the Ninth International Conference on Volume 2,24-26 May 2005 Page(s):1188-1193.
[72]管春,胡军:基于Java的远程应急群体决策支持系统方案传输系统的实现.系统工程理论方法应用,2003,01.
[73]郑晓军,王奕首:滕弘飞:应急系统开发与应用.计算机应用研究,2006,01.
[74]刘焕成:刘永:社会突发事件应急信息系统构建研究.情报科学,2005,12.
[75]王文俊:突发公共事件应急信息系统及其技术体系.信息化建设,2005,09.
[76]谷岩,冯华:智能化城市防灾救灾应急处理支持系统的研究.计算机工程与设计,2005,06
[77]陈建军,袁玉平;应急指挥系统建设方案设计与研究.武汉理工大学学报(信息与管理工程版),2005,02.
[78]Josefa Z.Hernandez,Juan M.Serranob;Knowledge-based models for emergency management systems,Expert Systems with Applications 20(2001) 173-181.
[79]彭斐章.树木情报需求与服务组织.武汉:武汉大学出版社,2000.
[80]刘家真.电子文件管理理论与实践.北京:科学出版社,2003.
[81]拉塞尔·M·休登.无缝隙政府:公共部门再造指南.北京:中国人民大学出版社,2002.
[82]B·盖伊·彼得斯.政府未来的治理模式.北京:中国人民大学出版社,2001.
[83]欧文·E·休斯.公共管理导论.北京:中国人民大学出版社,2001.
[84]徐晓林.电子政务导论.武汉:武汉出版社,2002.
[85]姚国章.电子政务基础用与应用.北京:北京大学出版社,2003.
[86]DoD 5200.28-STD,Department of Defense Trusted Computer System Evaluation Criteria.Department of Defense Standard,1983.
[87]Ravi S.Sandhu.Role Hierarchies and Constraints for Lattice-Based Access Control.Proc.Fourth European Symposium on Research in computer Security,Rome,Italy,Sep.25-27,1996.
[88]Li chengkai,Zhan Yongzhao,Mao Bing Xie Li.A Role-Based Access Control Model for CSCW Systems.Journal of Software,2000,11(7):931-937.
[89]刘琼波,施军,尤晋元.分布式环境下的访问控制.计算机研究与发展,2001,38(6):735-740.
[90]李立新,陈伟民,黄尚廉.强制访问控制在基于角色的安全系统中的实现.软件学报,2000,11(10),1320-1324.
[91]Avigdor Gal,Vijayalakshmi Atluri.An Authorization model for temporal data.Proceeding of the 7th ACM conference on Computer and communication security,2000,144-153.
[92]Martin S Olivier,Reind P van de Riet,Ehud Gudes.Specifying Application-level Security in Workflow Systems.DEXA Workshop 1998:346-351.
[93]R.K.Thomas and R.S.Sandhu.Task-based Authorization Controls(TBAC):A Family of Models for Active and Enterprise-oriented Authorization Management.Proceeding of the IFIP WG11.3 Workshop on Database Security,Lake Tahoe,California,August 11-13,1997.
[94]Marc Wilikens,Simone Feriti,Alberto Sanna,Marcelo Masera.A context-related authorization and access control method based on RBAC,Seventh ACM Symposium on Access Control Models and Technologies,2002,117-124.
[95]Jonathon E.Tidswell,Trent Jaeger.Integrated Constraints and Inheritance in DTAC.Proceedings of the fifth ACM workshop on ROLE-based access control,2000.
[96]尹建伟.基于Web架构智能分布式柔性工作流管理系统-WideFlow研究及实现(博士学位论文).杭州:浙江大学,2001.
[97]Konstantin Beznosov.Engineering Access Control for Distributed Enterprise Application.2000.
[98]梅苏文,高县明,刘文林等.基于角色权限管理模型的设计与实现.现代计算机.2002,151:10-1.
[99]刘宏月,范九伦,马建峰.访问控制技术研究进展.小型微型计算机系统.2004,25(1):56-59.
[100]于淼,王延章.公文流转中操作活动的分解和管理.计算机工程.2003,22(29):18-21.
[101]柴晓路,梁宇奇.Web Services技术、架构和应用.北京:电子工业出版社,2003.6:6-23.
[102]戴荣、马方平、吴键等译.构建XML Web服务—基于Microsoft.Net平台.北京:清华大学出版社,2002.10.
[103]Jerry Foster,Mick Porter.Developing Web Services with Java APIs for XML Using WSDP.Syngress Publishing,Inc.2002:234-285.
[104]Doug Tidwell,James Snell.Programming Web Services with SOAP.O' Reilly.2001:146-187.
[105]Steve Graham,Simeon Simeonov.Building Web Services with Java TM:Making Sense of XML,SOAP,WSDL,and UDDI.Sams Publishing.2001:212-248.
[106]刘小红.证书状态信息分发方法研究和系统设计:(博士学位论文).杭州:浙江大学,2001.
[107]Balfanz D.,Durfee,G.,Smetters,D.K.,Grinter,R.E..In search of usable security:five lessons from the field.Security & Privacy Magazine,2004,5(2):19-2.
[108]Lee,Hannah K.Unraveling decentralized authorization for multi-domain collaborations.Proceedings of the 3rd International Conference on Collaborative Computing:Networking,Applications and Worksharing,CollaborateCom 2007,p 33-40,2007.
[109]Sohr,Karsten,Mustafa,Tanveer,Bao,Xinyu,Ahn,Gail-Joon.Enforcing role-based access control policies in Web Services with UML and OCL.Proceedings-Annual Computer Security Applications Conference,ACSAC,p 257-266,2008.
[110]Royer,Julio C.,Willrich,Roberto,Diaz,Michel.User profile-based authorization policies for network QoS services.Proceedings of the 7th IEEE International Symposium on Networking Computing and Applications,NCA 2008,p 68-75,2008.
[111]Pereira,Anil L.,Muppavarapu,Vineela,Chung,Soon M..Role-based access control for grid database services using the community authorization service.IEEE Transactions on Dependable and Secure Computing,v 3,n 2,p 156-166,April/June 2006.
[112]Castro,R.,L6pez,D.R.,Vega,J..An authentication and authorization infrastructure:The PAPI system.Fusion Engineering and Design,v 81,n 15-17 SPEC.ISS.,p 2057-2061,July 2006.
[113]Danfeng,Yao,Tamassia,Roberto.Cascaded authorization with anonymous-signer aggregate signatures.Proceedings of the 2006 IEEE Workshop on Information Assurance,v 2006,p 84-91,2006.
[114]Warner,Janice,Atluri,Vijayalakshmi.Inter-instance authorization constraints for secure workflow management.Proceedings of ACM Symposium on Access Control Models and Technologies,SACMAT,v 2006,p 190-199.
[115]Fugkeaw,Somchart,Manpanpanich,Piyawit,Juntapremjitt,Sekpon.Adding SAML to two-factor authentication and single sign-on model for dynamic access control.2007 6th International Conference on Information,Communications and Signal Processing,ICICS,2007.
[116]Haupt,Tomasz,Kalyanasundaram,Anand,Zhuk,Igor.Architecture for a secure distributed repository.Proceedings-IEEE/ACM International Workshop on Grid Computing,p 200-206,200.
[117]Pereira,Anil L.,Muppavarapu,Vineela,Chung,Soon M..Role-based access control for grid database services using the community authorization service.IEEE Transactions on Dependable and Secure Computing,v 3,n 2,p 156-166,April/June 2006
[118]Castro,R.,Lopez,D.R.,Vega,J..An authentication and authorization infrastructure:The PAPI system.Fusion sEngineering and Design,v 81,n 15-17 SPEC.ISS.,p 2057-2061,July 2006
[119]Yao,Danfeng,Tamassia,Roberto.Compact and anonymous role-based authorization chain.ACM Transactions on Information and System Security,v 12,n 3,January 1,2009
[120]Takahashi,Kazuhide,Kon,Takashi,Akiyama,Kazuyoshi,Jinguji,Makoto.A practical network management system based on an organization hierarchy mobile agent model.Electronics and Communications in Japan,Part Ⅱ:Electronics(English translation of Denshi Tsushin Gakkai Ronbunshi),v 90,n 10,p 84-102,October 2007
[121]Wilson,John A.Structural matters in HTSC:The origin and form of stripe organization and checkerboarding.Journal of Physics Condensed Matter,v 18,n 6,p R69-R99,Febrary 15,2006
[122]Ahituv,Niv,Carmi,Nava.Measuring the power of information in organizations.Human Systems Management,v 26,n 4,p 231-246,2007
[123]Muthaiyah,Saravanan,Kerschberg,Larry.Virtual organization security policies:An ontology-based integration approach.Information Systems Frontiers,v 9,n 5,p 505-514,November 2007
[124]Laccetti,G.,Schmid,G..A framework model for grid security.Future Generation Computer Systems,v 23,n 5,p 702-713,June 2007
[125]Bessonov,A.B..Organizational-legal support for the information security of an organization.Scientific and Technical Information Processing,v 35,n 5,p 215-227,2008
[126]David J.Enhancing owl ontologies with relation semantics Kothari,Cartik R..Russomanno.International Journal of Software Engineering and Knowledge Engineering,v 18,n 3,p 327-356,May 2008.
[127]Wyner,Adam.An ontology in OWL for legal case-based reasoning.Artificial Intelligence and Law,v 16,n 4,p 361-387,December 2008.
[128]Dietrich Jens,Jones Nathan,Wright Jevon.Using social networking and semantic web technology in software engineering-Use cases,patterns,and a case study.Journal of Systems and Software,v 81,n 12,p 2183-2193,December 2008.
[129]Horrocks Ian.Ontologies and the semantic web.Communications of the ACM,v 51,n 12,p 58-67,December 1,2008.
[130]Rodrigues Toni,Rosa Pedro,Cardoso Jorge.Moving from syntactic to semantic organizations using JXML20WL.Computers in Industry,v 59,n 8,p 808-819,October 2008
[131]Bhiri Sami,Gaaloul Walid,Rouached Mohsen,Hauswirth Manfred.Semantic web services for satisfying SOA requirements.Lecture Notes in Computer Science(including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),v 4891 LNCS,p 374-395,2008,Advances in Web Semantics I-Ontologies
[132]Fenza Giuseppe,Loia Vincenzo,Senatore Sabrina.A hybrid approach to semantic web services matchmaking.International Journal of Approximate Reasoning,v 48,n 3,p 808-828,August 2008
[133]Eiter Thomas,Ianni Giovambattista,Lukasiewicz Thomas,Schindlauer Roman,Tompits Hans.Combining answer set programming with description logics for the Semantic Web.Artificial Intelligence,v 172,n 12-13,p 1495-1539,August 2008
[134]Lukasiewicz,Thomas.Probabilistic description logic programs under inheritance with overriding for the Semantic Web.International Journal of Approximate Reasoning,v 49,n 1,p 18-34,September 2008
[135]Golbeck Jennifer,Hendler James.A semantic web approach to the provenance challenge.Concurrency Computation Practice and Experience,v 20,n 5,p 431-439,April 10,2008
[136]Neri Mario Arrigoni,Colombetti Marco.Ontology-based learning objects search and courses generation.Applied Artificial Intelligence,v 23,n 3,p 233-260,March 2009
[137]Tripathi Uttam Kumar,Hinkelmann Knut,Feldkamp Daniela.Life cycle for change management in business processes using semantic technologies.Journal of Computers,v 3,n 1,p 24-31,January 2008
[138]Brogi Antonio,Corfini Sara,Popescu Razvan.Semantics-based composition-oriented discovery of Web services.ACM Transactions on Internet Technology,v 8,n 4,September 1,2008
[139]Izza Said.Integration of industrial information systems:From syntactic to semantic integration approaches.Enterprise Information Systems,v 3,n 1,p 1-57,2009
[140]Bitters Barry.Spatial relationship networks:Network theory applied to G1S data.Cartography and Geographic Information Science,v 36,n 1,p 81-93,January 2009
[141]Salam A.F.Semantic supplier contract monitoring and execution DSS architecture.International Journal of Intelligent Information Technologies,v 4,n 3,p 1-26,July/September 2008
[142]Haarslev Volker,Miller Ralf.On the scalability of description logic instance retrieval.Journal of Automated Reasoning,v 41,n 2,p 99-142,August 2008
[143]Halaschek-Wiener Christian,Kolovski Vladimir.Syndication on the Web using a description logic approach.Web Semantics,v 6,n 3,p 171-190,September 2008
[144]Ohayon Shay,Harmening Wolf,Wagner Hermann,Rivlin Ehud.Through a barn owl's eyes:Interactions between scene content and visual attention.Biological Cybernetics,v 98,n 2,p 115-132,February 2008
[145]Savvas Ioannis,Bassiliades Nick.A process-oriented ontology-based knowledge management system for facilitating operational procedures in public administration.Expert Systems with Applications,v 36,n 3 PART 1,p 4467-4478,April 2009
[2]Purcareal,Anca Alexandra,Fleaca,Elena.Toward a system approach for power and influence in organization.UPB Scientific Bulletin,Series D:Mechanical Engineering,v 69,n 2,p 93-104,2007
[3]Kushtina,Emma,Zaikin,Oleg,Rozewski,Przemysaw,Maachowski,Bartomiej.Cost estimation algorithm and decision-making model for curriculum modification in educational organization.European Journal of Operational Research,v 197,n 2,p 752-763,September 1,2009
[4]Price,Colin,Roxburgh,Charles,Turnbull,David.Strategizing and Organizing for Performance and Health.Long Range Planning,v 39,n 6,p 649-662,December 2006.
[5]Zhang,Haizheng,Lesser,Victor.Forming and searching content-based hierarchical agent clusters in distributed information retrieval systems.Web Intelligence and Agent Systems,v 4,n 4,p 353-370,2006
[6]Lim,Eun-Pa,Simmonds,Ian.Southern hemisphere winter extratropical cyclone characteristics and vertical organization observed with the ERA-40 data in 1979-2001.Journal of Climate,v 20,n 11,p 2675-2690,June 1,2007
[7]Lui,Richard W.C.,Hui,Lucas C.K.,Yiu,S.M..Delegation with supervision.Information Sciences,v 177,n 19,p 4014-4030,October 1,2007
[8]Vat,Kam Hou.Developing a learning organization model for problem-based learning:The emergent lesson of education from the IT trenches.Journal of Cases on Information Technology,v 8,n 2,p 82-109,2006
[9]American National Standards Institnte.Criteria for performance excellence-Malcolm Baldrige National Quality Program[S],2007.
[10]Reinhardt A Botha,Jan H P Eloff.Separation of duties for access control enforcement in workflow environments[J].IBM Systems Journal,2001,40(3):6662682.
[11]Kumar A.A framework for handling delegation in workflow management systems[C].Proceedings of Work shop on Information,Charlotte,NC,1999.
[12]Botha R A,Eloff J H P.Designing role hierarchies for access control in workflow systems[C].Computer Software and Applications Conference,2001.COMPSAC 2001.25th Annual International,2001,117 2122.
[13]Castano S,Casati F,FuginiM.Managing workflow authorization constraints through active database technology[J].Information Systems Frontiers,2001,3(3):2.
[14]Liu Jianxun et al.Study on the application of role2based access control in workflow management system[J].Mini Micro Systems,2003,24(6):106721070.
[15]Zhang Long-Hua,Ahn Gail-Joon,Chu Bei-Tseng.A rule-based framework for role-based delegation.In:Proceedings of the 6th ACM Symposium on Access Control Models and Technologies,Chantilly,Virginia,USA,2001,153-162.
[16]Zhang Xin-wen,Oh Sejong,Sandhu R..PBDM:A flexible delegation model in RBAC.In:Proceedings of the 8th Symposium on Access Control Models and Technologies,Como,Italy,2003,149-157.
[17]Stoupa K.,Vakali A.,Li Fang,Tsoukalas I..XML-based revocation and delegation in a distributed environment.In:Proceedings of the EDBT Internatinal Workshop on Database Technologies for Handling XML information on the Web,Heraklion,Greece 2004,299-308.
[18]于淼,王延章.基于角色网络模型的电子政务系统框架的研究与实现.计算机工程与应用.2003,12(0031):31-35.
[19]Lee Hyung-Hyo,Lee Yonung-Rok,Noh Bong-Ham.A new role-based delegation model using sub-role Hierarchies.In:Proceedings of the 18th International Symposium on Computer and Information Sciences,Antalya,Turkey,2003,811-818
[20]于淼,王延章.一种基于角色网络模型的电子政务系统框架及其实现研究[J].计算机工程与应用,2003,(12):31-35.
[21]于淼,王延章,刘继山.支持政务流程再造的电子政务系统平台设计[J].计算机集成制造系统2CIMS,2004,10(3):352-358.
[22]Foster I.,Kesselman C.,Tuecke S..The anatomy of the grid.International Journal of High performance Computing Applications,2001,15(3):200-222.
[23]俞坚,韩燕波.面向服务的计算——原理及应用,北京:清华大学出版社,2006.
[24]Han Y.,Geng H.,Li H.et al.VINCA—A visual and personalized business-level composition language for chaining Web-based services.In:Proceedings of the 1st International Conference on Service-Oriented Computing,Trento,Italy,2003,165-177.
[25]Foster 1.,Kesselman C.,Pearlman L.,Tueeke S.,Welch V..The community authorization service:Status and future.In:Proceedings of the Computing in High Energy Physics,La Jolla,California,USA,2003.
[26]Alferi R.,Cecchini R.,Ciaschini V.et al.From gridmap-fi]e to VOMS:Managing authorization ina grid environment.Future Generation Computer Systems Journal,2005,21(4):549-588.
[27]Sandhu R.S.,Coyne E.J.,Feinstein H.L.,Youman C.E..Role-based control models.IEEE Computer,1996,29(2):38-47.
[28]David F.Ferriolo et al.Proposed NIST standard for role-based access control.ACM Transactions on Information and System Security,2001,4(3):224-274.
[29]Barka E.,Sandhu R.,Framework for role-based delegation model.In:Proceedings of the 23rd National Information Systems Security Conference,Baltimore,MD,2000,101-104.
[30]Zhang Long-Hua,Ahn Gail-Joon,Chu Bei-Tseng.A rule-based framework for role-based delegation.In:Proceedings of the 6th ACM Symposium on Access Control Models and Technologies,Chantilly,Virginia,USA,2001,153-162.
[31]Zhang Xin-wen,Oh Sejong,Sandhu R..PBDM:A flexible delegation model in RBAC.In:Proceedings of the 8th Symposium on Access Control Models and Technologies,Como,Italy,2003,149-157.
[32]Stoupa K.,Vakali A.,Li Fang,Tsoukalas I..XML-based revocation and delegation in a distributed environment.In:Proceedings of the EDBT Internatinal Workshop on Database Technologies for Handling XML information on the Web,Heraklion,Greece 2004,299-308.
[33]赵庆松,孙玉芳,孙波.RPRDM——基于重复和部分角色的转授权模型.计算机研究与发展,2003,40(2):221-227.
[34]Lee Hyung-Hyo,Lee Yonung-Rok,Noh Bong-Ham.A new role-based delegation model using sub-role Hierarchies.In:Proceedings of the 18th International Symposium on Computer and Information Sciences,Antalya,Turkey,2003,811-818.
[35]Sandhu R.,Bhamidipati V.,Munawer Q.The ARBAC97 model for role-based administration of roles.ACM Transactions on Information and System Security,1999,2(1):105-135.
[36]孙波,赵庆松,孙玉芳.TRDM—具有时限的基于角色的转授权模型.计算机研究与发展,2004.41(7):1104-1109.
[37]Osborn S.,Sandhu R.,Munawer Q.Configuring role-based access control to enforce mandatory and discretionary access control policies.ACM Transactions on Information and Systems Security,2000,3(2):85-106.
[38]Sandhu RS,Coyne EJ,Feinstein HL,Youman CE.Role-Based access control models.IEEE Computer,1996,29(2):38 47.
[39]Sandhu RS.Rationale for the RBAC96 family of access control models.In:Youman C,Sandhu R,Coyne E,eds.Proc.of the 1st ACM Workshop on Role-Based Access Control.New York:ACM Press,1996.
[40]Ferraiolo D,Kuhn R.Role-Based access control.In:Proc.of the 15th National Computer Security Conf.1992.554 563.http://csrc.nist.gov/rbac/ferraiolo-kuhn-92.pdf
[41]ANSI INCITS 359-2004.Role Based Access Control.American National Standard for Information Technology,2004.
[42]Chen F,Sandhu R.Constraints for role-based access control.In:Youman C,Sandhu R,Coyne E,eds.Proc.of the 1st ACM Workshop on Role-Based Access Control.New York:ACM Press,1996.
[43]Gligor VD,Gavrila SI,Ferraiolo D.On the formal definition of separation-of-duty policies and their composition.In:Proc.of the 1998 IEEE Computer Society Symp.on Research in Security and Privacy.Washington,DC:IEEE Computer Society Press,1998.172 183.
[44]Jaeger T.On the increasing importance of constraints.In:Proc.of the 4th ACM Workshop on Role-Based Access Control.New York:ACM Press,1999.33 42.http://portal,acm.org/ft_gateway.cfm?id=319175&type=pdf
[45]Bertino E,Bonatti PA,Ferrari E.TRBAC:A temporal role-based access control model.ACM Trans,on Information and System Security,2001,4(3):191 233.
[46]Joshi JBD,Bertino E,Ghafoor A.Temporal hierarchy and inheritance semantics for GTRBAC.In:Proc.of the 7th ACM Symp.On Access Control Models and Technologies.New York:ACM Press,2002.74 83.http://shay.ecn.purdue.edu/~dmultlab/Security/sacmat2002.pdf
[47]Joshi JBD,Shafiq B,Ghafoor A,Bertino E.Dependencies and separation of duty constraints in GTRBAC.In:Proc.of the 8th ACM Symp.on Access Control Models and Technologies.New York:ACM Press,2003.51 64.http://shay.ecn.purdue.edu/"dmultlab/Security/p313-joshi.pdf
[48]Ahn GJ,Sandhu R.Role-Based authorization constraints specification.ACM Trans.on Information and System Security,2000,3(4):207 226.
[49]Dong GY,Qing SH,Liu KL.Role-Based authorization constraint with time character.Journal of Software,2002,13(8):1521 1527(in Chinese with English abstract).http://www.jos.org.cn/1000-9825/13/1521.pdf
[50]Bertino E,Bonatti PA,Ferrari E.TRBAC:A temporal role-based access control model.ACM Trans,on Information and System Security,2001,4(3):191 233.
[51]Joshi JBD,Bertino E,Ghafoor A.Temporal hierarchy and inheritance semantics for GTRBAC.In:Proc.of the 7th ACM Symp.On Access Control Models and Technologies.New York:ACM Press,2002.74 83.http://shay.ecn.purdue.edu/~dmultlab/Security/sacmat2002.pdf
[52]Huaiming Li,Yanzhang Wang,Feng Ding,Tian Ma,Research and realization of information exchange and share platform for municipal government,2006 IEEE International Conference on Service Operations and Logistics,and Informatics.
[53]Xu Z,Feng DG,Li L,Chen H.UC-RBAC:A usage constrained role-base access control model.In:Qing SH,Gollmann D,Zhou TY,eds.Proc.of the 5th Int'1 Conf.on Information and Communications Security.LNCS 2836,Heidelberg:Springer-Verlag,2003.337 347.
[54]Barka E,Sandhu R.Framework for role-based delegation models[C].Proceedings of the 16th Annual Computer Security Applications Conference,New Orleans:IEEE Press,2000:168-176.
[55]Sandhu R,Bhamidipati V,Munawer Q.The ARBAC97 model for role-based administration of roles[J].ACM Transactions on Information and System Security,1999,2(1):105-135.
[56]Barka E,Sandhu R.A role-based delegation model and some extensions[C].Proceedings of 23rd National Information Systems Security Conference,Baltimore:NIST,2000:101-114.
[57]Zhang L H,Ahn G J,Chu B T.A rule-based framework for rolebased delegation[J].ACM Trans on Information and System Security,2003,6(3):404-441.
[58]Barka E,Sandhu R.Role-based delegation model/hierarchical roles(RBDM1)[C].Proceedings of the 20th Annual Computer Security Application Conference,Washington,DC:IEEE Press,2004:396-404.
[59]洪帆,段素娟,黎成兵.基于图的委托授权模型[J].北京邮电大学学报,2005,28(6):5-8.
[60]徐震,李斓,冯登国.基于角色的受限委托模型[J].软件学报,2005,16(5):970-978.
[61]郭太生:美国公共安全危机事件应急管理研究.中国人民公安大学学报2003 19(6):16-25.
[62]顾林生.东京大城市防灾应急管理体系及启示.防灾技术高等专科学校学报,2005,7(2):5-13.
[63]Bammidi,P.;Moore,K.L;Emergency management systems:a systems approach,Volume 2,2-5 Oct.1994 Page(s):1565-1570 vol.2
[64]姚杰,池宏,计雷.带有潜变量的结构方程模型在突发事件应急管理中的应用.中国管理科学,2005,02.
[65]Nakatani,N.:Yamasaki,S.;Takahashi,K.:Hijikata,Y.;Communication support system for emergency management,SICE 2002.Proceedings of the 41st SICE Annual Conference,Volume 3,5-7 Aug.2002 Page(s):1647-1650.
[66]罗伯特.希斯著,王成等译,危机管理.中信出版社,2000.
[67]杨尔弘;突发事件信息提取研究(博士论文).北京语言大学 2005,6.
[68]姚杰,计雷,池宏;突发事件应急管理中的动态博弈分析.应用研究,2005,17(3):46-51.
[69]Brady,T.F.;Emergency management:capability analysis of critical incident response Simulation Conference,2003.Proceedings of the 2003 Winter Volume 2,7-10 Dec.2003 Page(s):1863-1867
[70]Atoji,Y.;Koiso,T.;Information filtering for emergency management Robot and Human Interactive Communication,2000.RO-MAN 2000.Proceedings.9th IEEE International Workshop on 27-29 Sept.2000 Page(s):96-100.
[71]Diniz,V.B.;Borges,M.R.S.;Gomes,J.O.;Canos,J.H.;Knowledge management support for collaborative emergency response,Computer Supported Cooperative Work in Design,2005.Proceedings of the Ninth International Conference on Volume 2,24-26 May 2005 Page(s):1188-1193.
[72]管春,胡军:基于Java的远程应急群体决策支持系统方案传输系统的实现.系统工程理论方法应用,2003,01.
[73]郑晓军,王奕首:滕弘飞:应急系统开发与应用.计算机应用研究,2006,01.
[74]刘焕成:刘永:社会突发事件应急信息系统构建研究.情报科学,2005,12.
[75]王文俊:突发公共事件应急信息系统及其技术体系.信息化建设,2005,09.
[76]谷岩,冯华:智能化城市防灾救灾应急处理支持系统的研究.计算机工程与设计,2005,06
[77]陈建军,袁玉平;应急指挥系统建设方案设计与研究.武汉理工大学学报(信息与管理工程版),2005,02.
[78]Josefa Z.Hernandez,Juan M.Serranob;Knowledge-based models for emergency management systems,Expert Systems with Applications 20(2001) 173-181.
[79]彭斐章.树木情报需求与服务组织.武汉:武汉大学出版社,2000.
[80]刘家真.电子文件管理理论与实践.北京:科学出版社,2003.
[81]拉塞尔·M·休登.无缝隙政府:公共部门再造指南.北京:中国人民大学出版社,2002.
[82]B·盖伊·彼得斯.政府未来的治理模式.北京:中国人民大学出版社,2001.
[83]欧文·E·休斯.公共管理导论.北京:中国人民大学出版社,2001.
[84]徐晓林.电子政务导论.武汉:武汉出版社,2002.
[85]姚国章.电子政务基础用与应用.北京:北京大学出版社,2003.
[86]DoD 5200.28-STD,Department of Defense Trusted Computer System Evaluation Criteria.Department of Defense Standard,1983.
[87]Ravi S.Sandhu.Role Hierarchies and Constraints for Lattice-Based Access Control.Proc.Fourth European Symposium on Research in computer Security,Rome,Italy,Sep.25-27,1996.
[88]Li chengkai,Zhan Yongzhao,Mao Bing Xie Li.A Role-Based Access Control Model for CSCW Systems.Journal of Software,2000,11(7):931-937.
[89]刘琼波,施军,尤晋元.分布式环境下的访问控制.计算机研究与发展,2001,38(6):735-740.
[90]李立新,陈伟民,黄尚廉.强制访问控制在基于角色的安全系统中的实现.软件学报,2000,11(10),1320-1324.
[91]Avigdor Gal,Vijayalakshmi Atluri.An Authorization model for temporal data.Proceeding of the 7th ACM conference on Computer and communication security,2000,144-153.
[92]Martin S Olivier,Reind P van de Riet,Ehud Gudes.Specifying Application-level Security in Workflow Systems.DEXA Workshop 1998:346-351.
[93]R.K.Thomas and R.S.Sandhu.Task-based Authorization Controls(TBAC):A Family of Models for Active and Enterprise-oriented Authorization Management.Proceeding of the IFIP WG11.3 Workshop on Database Security,Lake Tahoe,California,August 11-13,1997.
[94]Marc Wilikens,Simone Feriti,Alberto Sanna,Marcelo Masera.A context-related authorization and access control method based on RBAC,Seventh ACM Symposium on Access Control Models and Technologies,2002,117-124.
[95]Jonathon E.Tidswell,Trent Jaeger.Integrated Constraints and Inheritance in DTAC.Proceedings of the fifth ACM workshop on ROLE-based access control,2000.
[96]尹建伟.基于Web架构智能分布式柔性工作流管理系统-WideFlow研究及实现(博士学位论文).杭州:浙江大学,2001.
[97]Konstantin Beznosov.Engineering Access Control for Distributed Enterprise Application.2000.
[98]梅苏文,高县明,刘文林等.基于角色权限管理模型的设计与实现.现代计算机.2002,151:10-1.
[99]刘宏月,范九伦,马建峰.访问控制技术研究进展.小型微型计算机系统.2004,25(1):56-59.
[100]于淼,王延章.公文流转中操作活动的分解和管理.计算机工程.2003,22(29):18-21.
[101]柴晓路,梁宇奇.Web Services技术、架构和应用.北京:电子工业出版社,2003.6:6-23.
[102]戴荣、马方平、吴键等译.构建XML Web服务—基于Microsoft.Net平台.北京:清华大学出版社,2002.10.
[103]Jerry Foster,Mick Porter.Developing Web Services with Java APIs for XML Using WSDP.Syngress Publishing,Inc.2002:234-285.
[104]Doug Tidwell,James Snell.Programming Web Services with SOAP.O' Reilly.2001:146-187.
[105]Steve Graham,Simeon Simeonov.Building Web Services with Java TM:Making Sense of XML,SOAP,WSDL,and UDDI.Sams Publishing.2001:212-248.
[106]刘小红.证书状态信息分发方法研究和系统设计:(博士学位论文).杭州:浙江大学,2001.
[107]Balfanz D.,Durfee,G.,Smetters,D.K.,Grinter,R.E..In search of usable security:five lessons from the field.Security & Privacy Magazine,2004,5(2):19-2.
[108]Lee,Hannah K.Unraveling decentralized authorization for multi-domain collaborations.Proceedings of the 3rd International Conference on Collaborative Computing:Networking,Applications and Worksharing,CollaborateCom 2007,p 33-40,2007.
[109]Sohr,Karsten,Mustafa,Tanveer,Bao,Xinyu,Ahn,Gail-Joon.Enforcing role-based access control policies in Web Services with UML and OCL.Proceedings-Annual Computer Security Applications Conference,ACSAC,p 257-266,2008.
[110]Royer,Julio C.,Willrich,Roberto,Diaz,Michel.User profile-based authorization policies for network QoS services.Proceedings of the 7th IEEE International Symposium on Networking Computing and Applications,NCA 2008,p 68-75,2008.
[111]Pereira,Anil L.,Muppavarapu,Vineela,Chung,Soon M..Role-based access control for grid database services using the community authorization service.IEEE Transactions on Dependable and Secure Computing,v 3,n 2,p 156-166,April/June 2006.
[112]Castro,R.,L6pez,D.R.,Vega,J..An authentication and authorization infrastructure:The PAPI system.Fusion Engineering and Design,v 81,n 15-17 SPEC.ISS.,p 2057-2061,July 2006.
[113]Danfeng,Yao,Tamassia,Roberto.Cascaded authorization with anonymous-signer aggregate signatures.Proceedings of the 2006 IEEE Workshop on Information Assurance,v 2006,p 84-91,2006.
[114]Warner,Janice,Atluri,Vijayalakshmi.Inter-instance authorization constraints for secure workflow management.Proceedings of ACM Symposium on Access Control Models and Technologies,SACMAT,v 2006,p 190-199.
[115]Fugkeaw,Somchart,Manpanpanich,Piyawit,Juntapremjitt,Sekpon.Adding SAML to two-factor authentication and single sign-on model for dynamic access control.2007 6th International Conference on Information,Communications and Signal Processing,ICICS,2007.
[116]Haupt,Tomasz,Kalyanasundaram,Anand,Zhuk,Igor.Architecture for a secure distributed repository.Proceedings-IEEE/ACM International Workshop on Grid Computing,p 200-206,200.
[117]Pereira,Anil L.,Muppavarapu,Vineela,Chung,Soon M..Role-based access control for grid database services using the community authorization service.IEEE Transactions on Dependable and Secure Computing,v 3,n 2,p 156-166,April/June 2006
[118]Castro,R.,Lopez,D.R.,Vega,J..An authentication and authorization infrastructure:The PAPI system.Fusion sEngineering and Design,v 81,n 15-17 SPEC.ISS.,p 2057-2061,July 2006
[119]Yao,Danfeng,Tamassia,Roberto.Compact and anonymous role-based authorization chain.ACM Transactions on Information and System Security,v 12,n 3,January 1,2009
[120]Takahashi,Kazuhide,Kon,Takashi,Akiyama,Kazuyoshi,Jinguji,Makoto.A practical network management system based on an organization hierarchy mobile agent model.Electronics and Communications in Japan,Part Ⅱ:Electronics(English translation of Denshi Tsushin Gakkai Ronbunshi),v 90,n 10,p 84-102,October 2007
[121]Wilson,John A.Structural matters in HTSC:The origin and form of stripe organization and checkerboarding.Journal of Physics Condensed Matter,v 18,n 6,p R69-R99,Febrary 15,2006
[122]Ahituv,Niv,Carmi,Nava.Measuring the power of information in organizations.Human Systems Management,v 26,n 4,p 231-246,2007
[123]Muthaiyah,Saravanan,Kerschberg,Larry.Virtual organization security policies:An ontology-based integration approach.Information Systems Frontiers,v 9,n 5,p 505-514,November 2007
[124]Laccetti,G.,Schmid,G..A framework model for grid security.Future Generation Computer Systems,v 23,n 5,p 702-713,June 2007
[125]Bessonov,A.B..Organizational-legal support for the information security of an organization.Scientific and Technical Information Processing,v 35,n 5,p 215-227,2008
[126]David J.Enhancing owl ontologies with relation semantics Kothari,Cartik R..Russomanno.International Journal of Software Engineering and Knowledge Engineering,v 18,n 3,p 327-356,May 2008.
[127]Wyner,Adam.An ontology in OWL for legal case-based reasoning.Artificial Intelligence and Law,v 16,n 4,p 361-387,December 2008.
[128]Dietrich Jens,Jones Nathan,Wright Jevon.Using social networking and semantic web technology in software engineering-Use cases,patterns,and a case study.Journal of Systems and Software,v 81,n 12,p 2183-2193,December 2008.
[129]Horrocks Ian.Ontologies and the semantic web.Communications of the ACM,v 51,n 12,p 58-67,December 1,2008.
[130]Rodrigues Toni,Rosa Pedro,Cardoso Jorge.Moving from syntactic to semantic organizations using JXML20WL.Computers in Industry,v 59,n 8,p 808-819,October 2008
[131]Bhiri Sami,Gaaloul Walid,Rouached Mohsen,Hauswirth Manfred.Semantic web services for satisfying SOA requirements.Lecture Notes in Computer Science(including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),v 4891 LNCS,p 374-395,2008,Advances in Web Semantics I-Ontologies
[132]Fenza Giuseppe,Loia Vincenzo,Senatore Sabrina.A hybrid approach to semantic web services matchmaking.International Journal of Approximate Reasoning,v 48,n 3,p 808-828,August 2008
[133]Eiter Thomas,Ianni Giovambattista,Lukasiewicz Thomas,Schindlauer Roman,Tompits Hans.Combining answer set programming with description logics for the Semantic Web.Artificial Intelligence,v 172,n 12-13,p 1495-1539,August 2008
[134]Lukasiewicz,Thomas.Probabilistic description logic programs under inheritance with overriding for the Semantic Web.International Journal of Approximate Reasoning,v 49,n 1,p 18-34,September 2008
[135]Golbeck Jennifer,Hendler James.A semantic web approach to the provenance challenge.Concurrency Computation Practice and Experience,v 20,n 5,p 431-439,April 10,2008
[136]Neri Mario Arrigoni,Colombetti Marco.Ontology-based learning objects search and courses generation.Applied Artificial Intelligence,v 23,n 3,p 233-260,March 2009
[137]Tripathi Uttam Kumar,Hinkelmann Knut,Feldkamp Daniela.Life cycle for change management in business processes using semantic technologies.Journal of Computers,v 3,n 1,p 24-31,January 2008
[138]Brogi Antonio,Corfini Sara,Popescu Razvan.Semantics-based composition-oriented discovery of Web services.ACM Transactions on Internet Technology,v 8,n 4,September 1,2008
[139]Izza Said.Integration of industrial information systems:From syntactic to semantic integration approaches.Enterprise Information Systems,v 3,n 1,p 1-57,2009
[140]Bitters Barry.Spatial relationship networks:Network theory applied to G1S data.Cartography and Geographic Information Science,v 36,n 1,p 81-93,January 2009
[141]Salam A.F.Semantic supplier contract monitoring and execution DSS architecture.International Journal of Intelligent Information Technologies,v 4,n 3,p 1-26,July/September 2008
[142]Haarslev Volker,Miller Ralf.On the scalability of description logic instance retrieval.Journal of Automated Reasoning,v 41,n 2,p 99-142,August 2008
[143]Halaschek-Wiener Christian,Kolovski Vladimir.Syndication on the Web using a description logic approach.Web Semantics,v 6,n 3,p 171-190,September 2008
[144]Ohayon Shay,Harmening Wolf,Wagner Hermann,Rivlin Ehud.Through a barn owl's eyes:Interactions between scene content and visual attention.Biological Cybernetics,v 98,n 2,p 115-132,February 2008
[145]Savvas Ioannis,Bassiliades Nick.A process-oriented ontology-based knowledge management system for facilitating operational procedures in public administration.Expert Systems with Applications,v 36,n 3 PART 1,p 4467-4478,April 2009