To meet the requirements of collaborative development environments, an access control model based on roles and attributes is presented. The model defines public attributes of objects and organizational attributes of subjects, to accommodate dynamic changes in object accessibility and to improve the flexibility of distributed authorization. To keep role-permission assignments explicit, permission calculus rules are established so that attribute-based permission assignments can be analyzed. To keep distributed authorization secure, a global access control matrix is used to constrain it. The model has been applied in a collaborative development environment, which verified the effectiveness of the proposed method.