GM/T 0032-2014: Specifications for role based privilege management and access control
This is an excerpt of the standard; the full English translation is available at https://www.ChineseStandard.net/PDF.aspx/GMT0032-2014

GM CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 44633-2014

Specifications for role based privilege management and access control

Issued on: FEBRUARY 13, 2014
Implemented on: FEBRUARY 13, 2014
Issued by: State Cryptography Administration

Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Privilege and access control framework
5.1 Location of privilege and access control in the public key cryptography infrastructure application technology framework
5.2 General of privilege and access control framework
5.4 Access control enforcement function (AEF)
5.5 Access control decision function (ADF)
6 Access control policy description language
6.1 Model
6.2 Syntax
7 Privilege policy description language
7.1 Model
7.2 Privilege policy description language syntax
8 Access control protocol
8.1 General
8.2 Access control request message
8.3 Access control response message
9 Requirements for application systems
9.1 AEF implementation
9.2 Expression of roles
9.3 Privilege process
9.4 Description of access control policy
9.5 Identity identification
Annex A (normative) Definition and description of access control decision status code
Bibliography

Foreword

This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights.
The issuing authority shall not be held responsible for identifying any or all such patent rights.

This Standard was proposed by and shall be under the jurisdiction of Code Industry Standardization Technical Committee.

Drafting organizations of this Standard: Changchun Jida Zhengyuan Information Technology Co., Ltd., Wuxi Jiangnan Information Security Engineering Technology Center, Chengdu Westone Information Industry Co., Ltd., Shandong De’an Information Technology Co., Ltd., Shanghai Koal Software Co., Ltd., Beijing Digital Certificate Certification Center Co., Ltd., Shanghai Digital Certificate Certification Center Co., Ltd., Wanda Information Co., Ltd., Xingtang Communication Technology Co., Ltd.

Drafters of this Standard: Liu Ping, Li Weiping, Zhao Lili, He Changlong, Xu Qiang, Li Yuanzheng, Gao Zhiquan, Tan Wuzheng, Li Shusheng, Cui Jiuqiang, Zhou Dong, Wang Nina.

Specifications for role based privilege management and access control

1 Scope

This Standard specifies the role-based privilege and access control framework structure and the logical relationship between the various components within the framework, defines the functions, operating procedures and operating protocols of each component, and defines the uniform format of the access control policy description language and the privilege policy description language, and the standard interface for access control protocols.

This Standard is applicable to the development of role-based privilege and access control systems under the public key cryptography technology system, and may guide the testing of such systems and the development of related applications.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the dated edition cited applies. For undated references, the latest edition of the referenced document (including all amendments) applies.
GB/T 20519 Information security technology - Public key infrastructures - Privilege Management Center technical specification
GM/T 0019 Universal cryptography service interface specification

3 Terms and definitions

For the purpose of this document, the following terms and definitions apply.

3.1 access control decision
Evaluation result of the access control decision function to the access request.

3.2 access control decision function
Component responsible for making the decision on the access request.

3.3 access control enforcement function
Component that performs the access control policy function.

3.4 access control policy
Binding relationship, determined by the application, between roles and resources.

3.5 access control policy certificate
Attribute certificate that carries the application access control policy.

3.6 contextual information
Environmental information related to the access decision result when the request is happening.

3.7 privilege management
Management of the distribution relationship between subjects and roles.

3.8 privilege information
Information that identifies the distribution relationship between subjects and roles.

3.9 privilege certificate
Attribute certificate that carries the privilege information.

to complete the binding of subjects and roles, roles and resources, such as using privilege certificates and access control policy certificates. When using the attribute certificate to carry the binding relationship, the system shall follow the requirements of GB/T 20519.

5.4 Access control enforcement function (AEF)

The AEF receives the access request, encapsulates the access request according to the access control protocol and controls the access to the resource based on the decision result. When the decision result is “permit”, the AEF authorizes the initiator's access to the resource; if the decision result is “deny”, the AEF shall block the initiator's access to the resource. The use mode of the AEF includes share and non-share.
In the share mode, multiple applications use one AEF; in the non-share mode, each application uses its own AEF.

5.5 Access control decision function (ADF)

The ADF makes the decision on the access request based on the privilege information, the access control policy and other information. The input of the ADF includes the access request, the privilege information, the access control policy and the ADF retention information. The output of the ADF is the access control decision result. The ADF decision result includes “permit” and “deny”. “Permit” means that the access request meets the resource's access control policy constraints; “deny” means that the access request does not meet the access control policy constraints. The input and output information of the ADF is shown in Figure 3.

1) Initiator identity. The initiator identity includes three types, which are:
- simple string;
- signature certificate serial number + signature certificate issuer subject;
- signature public key.
2) Resource information. The resource information is the resource identity string carried in the access request.
3) Contextual information. The contextual information is the information related to the access request and capable of identifying the environment characteristics of the access request. The ADF may need this information when making access request decisions. The items are, respectively:
- time: the time when the access request is initiated;
- location: the source address from which the access request is initiated;
- type of initiator identity;
- custom information: the information defined by the application, participating in the access decision.
4) Role identity. The role identity is the role information that the subject shall use to access resources in the current scenario when an access occurs.

See Clause 8 for detailed access request formats.
5.5.2 Privilege information

The privilege information in the role-based privilege and access control model refers to the binding relationship between subjects and roles. See Clause 7 for a detailed description of privilege information. The privilege information of the initiator may be carried by using the privilege certificate, or may be carried by other methods, but the authenticity and integrity of the privilege information shall be ensured.

see the definition of access request carrying protocol. For example, the HTTP protocol defines the GET, POST and other actions.

6.1.2 Rules

The rule is the criteria for controlling access to the resource, including four elements: roles, resources, actions and conditions, among which conditions are optional. The evaluation result may be “permit” or “deny”. Multiple rule evaluation results for the same resource shall be combined into a single evaluation result using the merge algorithm. The ADF selects the appropriate rules based on the role of the access request initiator and the resources, actions and related environmental factors of the request. For unconditional rules, the access request initiator may perform the corresponding actions on the resource as long as it holds the role specified in the rules. For conditional rules, the access request initiator shall hold the role specified in the rules and meet the requirements of the conditions before performing the corresponding actions on the resource. For conditional rules, the evaluation result of the rules depends on the evaluation result of the conditions. The ADF evaluates each condition and combines multiple condition evaluation results into a logical expression through the logical combination algorithm, which finally forms the evaluation result for all conditions.

6.1.3 Conditions

The condition is the contextual restriction (such as the time limit of actions) that shall be satisfied when performing the specified action on the resource. The evaluation result is TRUE or FALSE.
The condition is a relational expression consisting of one of four kinds of contextual information: time, location, initiator identity type and custom information. Multiple conditions may be connected by using logical operators and form a logical expression...

Source: Above contents are excerpted from the full-copy PDF, translated/reviewed by www.ChineseStandard.net / Wayne Zheng et al.
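Worked example of the ADF decision of 5.5 over the rule and condition model of 6.1.2 and 6.1.3, added here and not code from the standard or its translators. It assumes a Python representation (Condition, Rule, decide), a nested-tuple and/or/not syntax for the logical combination of conditions, and two candidate merge strategies, because the excerpt names the merge algorithm and the logical combination algorithm without specifying them.

```python
"""Toy ADF (access control decision function) for the GM/T 0032-2014 model (5.5, 6.1).
Added example, not code from the standard; class names, the nested-tuple condition
syntax and the two merge strategies are assumptions, since the standard leaves the
merge and logical-combination algorithms to the implementation."""
from dataclasses import dataclass
import operator

OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt, "<=": operator.le,
       ">": operator.gt, ">=": operator.ge, "in": lambda a, b: a in b}

@dataclass(frozen=True)
class Condition:
    """Relational expression over one kind of contextual information (6.1.3):
    kind is "time", "location", "identity_type" or "custom" (key names the attribute)."""
    kind: str
    op: str
    value: object
    key: str = ""  # only used for custom information

    def evaluate(self, ctx: dict) -> bool:
        actual = ctx.get("custom", {}).get(self.key) if self.kind == "custom" else ctx.get(self.kind)
        return actual is not None and OPS[self.op](actual, self.value)  # missing info -> FALSE

def eval_expr(expr, ctx: dict) -> bool:
    """Logical combination: a Condition, ("and", e1, e2, ...), ("or", ...) or ("not", e)."""
    if isinstance(expr, Condition):
        return expr.evaluate(ctx)
    op, *args = expr
    results = [eval_expr(a, ctx) for a in args]
    return all(results) if op == "and" else any(results) if op == "or" else not results[0]

@dataclass(frozen=True)
class Rule:
    """Rule elements of 6.1.2: roles, resource, action and an optional condition expression."""
    roles: frozenset
    resource: str
    action: str
    condition: object = None  # None = unconditional rule

def decide(request: dict, privilege: dict, rules: list, merge: str = "deny_overrides") -> str:
    """ADF decision: request carries initiator, role, resource, action and context;
    privilege maps initiator -> roles bound to it by privilege information (5.5.2)."""
    role = request["role"]
    if role not in privilege.get(request["initiator"], ()):  # claimed role not bound to subject
        return "deny"
    results = ["permit" if r.condition is None or eval_expr(r.condition, request["context"]) else "deny"
               for r in rules
               if role in r.roles and (r.resource, r.action) == (request["resource"], request["action"])]
    if merge == "deny_overrides":  # any deny wins; no applicable rule also denies
        return "deny" if not results or "deny" in results else "permit"
    return "permit" if "permit" in results else "deny"  # permit_overrides; no applicable rule denies
```

The merge strategy decides the outcome whenever several rules apply to the same resource and action, so it must be fixed by the policy rather than left to an implementation default.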