摘要 |
<p>PURPOSE: A data access control architecture and a method for controlling access of data in a pervasive environment is provided to obtain an expanded XACML collaboration model in which an expanded role base access control method is applied. CONSTITUTION: A policy about data access control is instituted through a policy management point(14). A policy enforcement point(18) receives an access-request context from an access requester(12). A policy decision point(16) evaluates the access-request context according to the policy and decides whether the access-request person approaches or not. A role enablement authority point(22) delivers a need context which is transferred from the policy decision point to the request object attribute. A context handler attribute(20) changes the context suitably between the policy enforcement point, and the policy decision point and role enablement authority point.</p> |