| 摘要 |
<p>The present invention provides a system and a method for managing authorization based on objects, wherein the system comprises an object management module, an authorization and authentication management module and an authorization resource management module, wherein the object management module is configured to extract an object from a user entity and subsequently associate the extracted object with an entity object in an application system; the authorization resource management module is adapted to model an authorization, perform domain split and decentralized management on authorization resources; wherein the domain split management is performed on users at different levels, and the decentralized management is performed on users at the same level; the authorization and authentication management module is configured to authorize the authorization resources to an entity object with identity characteristics and perform authentication when the object is accessing the authorization resources so as to obtain access authentication, wherein after the authentication succeeds, the object obtains an authorization permission and is accessing the authorization resources, otherwise, the object is refused access to the authorization resources. The present invention settles the problem that the management is difficult when multiple types of users exist in different application systems, which enables fine control on the authorization resources.</p> |
