• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.24 no.66
• /
• pp.27-35
• /
• 2001

The Gateway Server Authorization System(GSAS) presented in this thesis is a database authorization system. GSAS is responsible for user\`s authorization, and privilege management, audit service. Only users that are filtered in GSAS can access the DBMS(Data Base Management System) through middleware. GSAS is located at the DBMS and already contains an authorization record for user accessing a specific DBMS. GSAS on consists of several components, namely an authorization manager, a privilege manager, and an audit manager. As an authorization manager and a privilege manager can only approve a pass at the same time, a user can get accessibility for DBMS.

• Journal of information and communication convergence engineering
• /
• v.2 no.2
• /
• pp.128-131
• /
• 2004

We suggest resource authorization system based on RBAC admitting someone to access resources. In existing grid environment, The authorization mechanism on user's resource is to give users an authority on the basis of DN(Distinguished Name) of proxy certificate and map file mapped in local system ID by one-to-one. In this case, it is difficulty in resource management such as each accounting management, memory resource, and disk resource, if the number of users, who want to use them is increased. To solve this problem, we specify the role of user's task in extension fields of his proxy certificate instead of the authorization mechanism of user's ID and propose resource authorization system being able to access his resource.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.11-21
• /
• 2004

To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).

• Proceedings of the IEEK Conference
• /
• summer
• /
• pp.355-360
• /
• 2004

With the growing acceptance of XML technologies, XML will be the most common tool for all data manipulation and data transmission. Meeting security requirements for privacy, confidentiality and integrity is essential in order to move business online and it is important for security to be integrated with XML solutions. Many policies require certain conditions to be satisfied and actions to be performed before or after a decision is made. Binary yes/no decision to an access request is not enough for many applications. These issues were addressed and formalized as provisions and obligations by Betti et Al. In this paper, we propose an authorization model with provisions and obligations in XML. We introduce a formal definition of authorization policy and the issues involving obligation discussed by Betti et Al. We use the formal model as a basis to develop an authorization model in XML. We develop DTDs in XML for main components such as authorization request, authorization policy and authorization decision. We plan to develop an authorization system using the model proposed.

• Proceedings of the KSR Conference
• /
• 2011.10a
• /
• pp.2539-2547
• /
• 2011

This paper will introduce the safety authorization system for light rail transit(LRT) through investigating safety certification & safety authorization in foreign country and aviation field in Korea. The safety authorization system proposed by the government these day was also investigated. Korea Transportation Safety Authority(KOTSA) have conducted safety validation process on Busan-Gimhae LRT before its revenue service during three months since Jan. of 2011. We describe the overview of these validation activities, results and safety certification issued. Learning from this process, we propose the standardized safety validation process including checklists which can be applied to common unmanned light rail system. This study will be a basis of railway safety authorization for LRT and will be continually improve its application ability by the future study.

• Journal of Aerospace System Engineering
• /
• v.9 no.1
• /
• pp.19-27
• /
• 2015

The Technical Standard Order articles are the parts and appliances for which the civil aviation authority designates as it is necessary to standardize for the expedited certification process and aviation safety. TSO articles were used on the type certified aircraft as replacement parts in the early days of TSO authorization system, but those articles are widely used on the newly developed aircraft as well in these days. In this paper, we compared the differences of the TSO authorization systems between FAA and EASA, and proposed the rulemaking items to improve Korean TSO authorization system and to contribute to growth of aviation industry.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.585-587
• /
• 2004

Diameter base protocol is intended to provide an AAA framework for applications such as IP mobility. Currently Diameter base protocol is standardized to RFC 3588, but there are some problems. One of them, path authorization is already argued at IETF WG Mailing List. According to RFC 3588, path authorization function causes inefficient data traffic and conflicts with RFC 3588 itself. In this paper, we analysis these problems about path authorization function and propose more improved solution.

• The Mathematical Education
• /
• v.39 no.1
• /
• pp.1-9
• /
• 2000

Now, mathematics textbook is being developed in accordance with the 7th educational curriculum. It is expected that qualified textbook reflecting 'differentiated education' concept be developed and published. But there are still many limitations of textbook authorization system to develop 'such' textbook. Many authors of textbook have difficulty in developing creative and qualified textbooks in their own way. In this paper, we deal with what the authors should keep in mind and could reflect related on textbook authorization system in developing textbook. For this purpose, focusing on new 'content principle' of mathematics textbook authorization, the paper presented its educational background.

• Journal of Engineering Education Research
• /
• v.11 no.1
• /
• pp.15-23
• /
• 2008

This research was conducted to evaluate economic & non-economic performance of the National Authorization System of Private Qualification. After the Private Qualifications had the National Authorization, acquisitors have been helped related to the job-seeking compare to private certification's acquisitors, but promotion and wage of acquisitors were not about economic performance. Non-economic performance was lowed like satisfaction of job and improvement of special competence. However fear of current employment have been relieve throughout national authorization.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.273-280
• /
• 2003

When an existing user authorization systems in Grid access many user to local system and subject DN (Distinguished Name) in a user-proxy authenticate and ID in local system is one-to-one mapping, they have difficulties in ID management, memory resource management and resource management. At this, a variety of subject DN is shared of one local ID in an existing Grid. But this faces many difficulties in applying all requirements for many Grid users. Thus, we suppose user authorization system based on a certificate not them based on ID in this paper. That is, we add user's access level to extension field in a certificate, and make a supposed authorization system decide access limitation level on resources instead of an existing ID mapping methods.