Abstract
PROBLEM TO BE SOLVED: To provide an attribute authorization device that manages rules for acquiring and verifying the attribute information needed to decide whether access to a resource is authorized, together with authorization policy definitions that determine the authorization rule from the acquired attribute information, and that makes authorization decisions on this basis in an open network such as the Internet; and to allow the attribute information owned by each user to be used generally, without depending on any particular service.

SOLUTION: When an authorization condition decision request is input, an authorization condition deciding part 11 extracts the resource identification information from the request, calls an authorization policy management part 13 with that resource identification information as input, and obtains the authorization policy definition. The authorization condition deciding part 11 then obtains an authorization condition attribute definition information list from the authorization policy definition, prepares an authorization condition based on that list, and returns it to the caller. As a result, no authorization decision mechanism for access control needs to be installed in each resource management device. Management costs on the resource management device side can also be reduced by executing access control based on the attribute information held on the access-requesting side.

COPYRIGHT: (C)2005,JPO&NCIPI
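The flow in the SOLUTION paragraph, as an added Python example that is not taken from the patent: a condition deciding part (11) looks up the policy definition through a policy management part (13), derives the authorization condition from the attribute definition list, and the condition is then evaluated against attributes held by the requester. The policy format, resource ID, attribute names, issuers and comparison operators are assumptions, as is denying when no policy exists; presented attributes are assumed to have been verified already.

```python
# Added example. Resource IDs, attribute names, issuers and operators are
# hypothetical; the abstract does not define the policy format.
POLICIES = {  # constructed store behind the authorization policy management part (13)
    "urn:example:report/q3": {"attribute_definitions": [
        {"name": "department", "issuer": "hr.example", "op": "eq", "value": "finance"},
        {"name": "clearance", "issuer": "sec.example", "op": "ge", "value": 2},
    ]},
}
OPS = {"eq": lambda a, b: a == b, "ge": lambda a, b: a >= b}


def get_policy_definition(resource_id):
    """Policy management part (13): resource ID -> policy definition, or None."""
    return POLICIES.get(resource_id)


def decide_authorization_condition(request):
    """Condition deciding part (11): decision request -> authorization condition."""
    policy = get_policy_definition(request["resource_id"])
    if policy is None:
        return None  # no policy is registered for this resource
    # The condition is derived from the attribute definition list alone.
    return [dict(d) for d in policy["attribute_definitions"]]


def term_satisfied(term, presented):
    """True if some presented attribute matches name, issuer and comparison."""
    for attr in presented:
        if (attr.get("name"), attr.get("issuer")) != (term["name"], term["issuer"]):
            continue
        try:
            if OPS[term["op"]](attr["value"], term["value"]):
                return True
        except (KeyError, TypeError):  # unknown operator, missing or mistyped value
            continue
    return False


def authorize(request, presented):
    """Evaluate requester-held attributes (assumed already verified) against the
    condition. Denies when no policy or no condition terms exist (assumption)."""
    condition = decide_authorization_condition(request)
    if not condition:
        return False
    return all(term_satisfied(t, presented) for t in condition)
```

Because the resource management device only consumes the returned condition or decision, adding a resource means adding a policy entry rather than deploying new decision logic on that device.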