PGP,全称Pretty Good Privacy,是一个基于RSA公钥加密体系的电子邮件加密软件。它可以对电子邮件进行加密和签名,防止非授权阅读并确定发信人的真实身份。PGP采用了对称和非对称混合的加密算法、单向散列算法以及较为审慎的密钥管理机制。本文中,作者分析了PGP的原理和密钥管理机制,根据其弱点提出了一种改进方案(iPGP)。
Growing numbers of users and many access policies that involve many different resource attributes in service-oriented environments cause various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes based on access policies for Web services, and proposes a general attribute based role-based access control(GARBAC) model. The model introduces the notions of single attribute expression, composite attribute expression, and composition permission, defines a set of elements and relations among its elements and makes a set of rules, assigns roles to user by inputing user's attributes values. The model is a general access control model, can support more granularity resource information and rich access control policies, also can be used to wider application for services. The paper also describes how to use the GARBAC model in Web services environments.