Ç¥ÁØÈ­ Âü¿©¾È³»

TTAÀÇ Ç¥ÁØÇöȲ

Ȩ > Ç¥ÁØÈ­ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ

Ç¥ÁعøÈ£ TTAE.IT-X.1144 ±¸Ç¥ÁعøÈ£
Á¦°³Á¤ÀÏ 2016-12-27 ÃÑÆäÀÌÁö 459
ÇѱÛÇ¥Áظí È®À强 Á¢±ÙÁ¦¾î »ý¼º¾ð¾î 3.0
¿µ¹®Ç¥Áظí eXtensible Access Control Markup Language (XACML) Version 3.0
Çѱ۳»¿ë¿ä¾à ÃÖ±Ù¿¡´Â ÄÄÇ»Æà Ç÷§Æû °³¹ß ¾÷üµéÀÌ ¹ü¿ëÀûÀÎ ±â´ÉÀ» °®Ãá Á¦Ç°µéÀ» °³¹ßÇÏ°í ÀÖÀ¸¸ç, À̸¦ ±¤¹üÀ§ÇÏ°Ô °ÅÀÇ ¸ðµç »óȲ¿¡ Àû¿ëÇÏ°í ÀÖ´Ù. ÀÌ·¯ÇÑ Á¦Ç°µéÀº µ¥ÀÌÅÍ¿¡ ´ëÇÑ Á¢±Ù ¹× ¼ÒÇÁÆ®¿þ¾îÀÇ ½ÇÇà¿¡ ´ëÇÑ ±ÇÇÑÀ» ÇÊ¿ä·Î Çϸç, ÀÌ¿¡ µû¶ó º¸¾È Á¤Ã¥À» °¡Áö°í ¸¹Àº ¾îÇø®ÄÉÀÌ¼Ç È¯°æ¿¡¼­ »ç¿ëµÇ°í ÀÖ´Ù. ÀϹÝÀûÀ¸·Î ´ë ±â¾÷ÀÇ º¸¾È Á¤Ã¥Àº ¸Å¿ì º¹ÀâÇÏ°Ô ±¸¼ºµÇ¸ç, Á¤º¸½Ã½ºÅÛ ºÎ¼­, ÀÎ»ç ºÎ¼­, ¹ý·ü °ü·Ã ºÎ¼­, À繫ºÎ¼­ µîµî ¿©·¯ ºÎ¼­¿¡ ÀÇÇØ °¢°¢ °ü¸®µÇ°í ÀÖ´Ù. ¶ÇÇÑ, ¿¢½ºÆ®¶ó³ÝÀ̳ª ÀüÀÚ¿ìÆí, WAN, ±×¸®°í ¿ø°Ý Á¢±Ù½Ã½ºÅÛ¿¡¼­ ¹¬½ÃÀûÀ¸·Î¶óµµ º¸¾ÈÁ¤Ã¥ÀÌ ±¸ÇöµÇ¾î ÀÖ´Ù. ±×·¯³ª ÇöÀç ÀÌ¿Í °°Àº º¸¾ÈÁ¤Ã¥Àº °¢°¢ÀÇ ½Ã½ºÅÛ¿¡¼­ µ¶¸³ÀûÀ¸·Î °ü¸®µÇ°í ÀÖ´Â °æ¿ì°¡ ÀϹÝÀûÀ̸ç, ÀÌ¿Í °°Àº º¸¾ÈÁ¤Ã¥ÀÇ ¼öÁ¤¿¡´Â ¸¹Àº ºñ¿ëÀÌ ¼Ò¿äµÇ°Å³ª ½Å·Ú¼ºÀÌ ¶³¾îÁø´Ù. ¶ÇÇÑ, ±â¾÷¿¡¼­ º¸¾ÈÁ¤Ã¥À» ½ÃÇàÇϴµ¥ À־ º¸¾È ´ëÃ¥¿¡ ´ëÇÑ ÅëÇÕ¼ºÀ» È®º¸ÇÏ´Â °ÍÀº »ç½Ç»ó ºÒ°¡´ÉÇÏ´Ù. ±×·¯³ª ÃÖ±Ù¿¡ ±â¾÷À̳ª Á¤ºÎ±â°ü¿¡ ´ëÇؼ­ ±â¾÷°ú Á¤ºÎ, °í°´°ú ½Ã¹ÎÀÇ Á¤º¸ ÀÚ»êÀ» º¸È£Çϱâ À§ÇÑ ¡°ÃÖ»óÀÇ¡± ¹æ¾ÈÀ» Á¦½ÃÇ϶ó´Â ¾Ð·ÂÀÌ °Å¼¼Áö°í ÀÖ´Ù.

ÀÌ·¯ÇÑ ÀÌÀ¯·Î ÀÎÇØ, º¸¾ÈÁ¤Ã¥À» Ç¥ÇöÇÒ ¼ö ÀÖ´Â °øÅëÀûÀÎ ¾ð¾îÀÇ Çʿ伺ÀÌ ³ô¾ÆÁö°í ÀÖ´Ù. ¸¸ÀÏ ±â¾÷ Àü¹Ý¿¡ °ÉÄ£ º¸¾ÈÁ¤Ã¥ÀÌ °øÅë ¾ð¾î·Î ±¸ÇöµÉ ¼ö ÀÖ´Ù¸é, Á¤º¸½Ã½ºÅÛ ³»ÀÇ °¢ ÄÄÆ÷³ÍÆ® ¾È¿¡ Á¸ÀçÇÏ´Â ¸ðµç º¸¾ÈÁ¤Ã¥ Á¶Ç×µéÀÇ ÁýÇàÀ» ±â¾÷ÀÌ °ü¸®ÇÒ ¼ö ÀÖ°Ô µÈ´Ù. ¿©±â¼­ º¸¾ÈÁ¤Ã¥À» °ü¸®ÇÑ´Ù´Â °ÍÀº Á¤Ã¥ÀÇ ÀÛ¼º, °ËÅä, ½ÃÇè, ½ÂÀÎ, °øÇ¥, °áÇÕ, ºÐ¼®, ¼öÁ¤, öȸ, °Ë»ö ½ÃÇà µîÀ» ÀǹÌÇÑ´Ù.

º¸¾ÈÁ¤Ã¥ ¾ð¾î´Â XMLÀ» ±â¹ÝÀ¸·Î ÀÛ¼ºµÇ´Âµ¥, ÀÌ´Â XMLÀÇ ¹®¹ý(syntax)°ú ÀǹÌ(semantics)°¡ º¸¾ÈÁ¤Ã¥ ¾ð¾îÀÇ À¯ÀÏÇÑ ¿ä±¸»çÇ×µéÀ» ¸¸Á·½Ãų ¼ö ÀÖÀ» ¸¸Å­ ½±°Ô È®ÀåµÉ ¼ö ÀÖ°í, ÁÖ¿ä Ç÷§Æû°ú Åø º¥´õµéÀÌ XMLÀ» Áö¿øÇϱ⠶§¹®ÀÌ´Ù.

º» Ç¥ÁØÀº ¹ü¿ëÀûÀ¸·Î »ç¿ëÇÒ ¼ö ÀÖ´Â XML ±â¹ÝÀÇ º¸¾È Á¤Ã¥À» ¸í¼¼ÇÏ´Â °ÍÀ» ÁÖ¸ñÀûÀ¸·Î ÇÏ°í ÀÖ´Ù.
¿µ¹®³»¿ë¿ä¾à Recently, computing platform vendors to develop products with very generalized functionality, so that they can be used in the widest possible range of situations. These products have the privilege for accessing data and executing software, so that they can be used in as many application environments as possible, including those with security policies. The security policy of a large enterprise has many elements and many points of enforcement. Elements of policy may be managed by the Information Systems department, by Human Resources, by the Legal department and by the Finance department. And the policy may be enforced by the extranet, mail, WAN and remote-access systems; platforms which inherently implement a permissive security policy. The current practice is to manage the configuration of each point of enforcement independently in order to implement the security policy as accurately as possible. Consequently, it is an expensive and unreliable proposition to modify the security policy. And, it is virtually impossible to obtain a consolidated view of the safeguards in effect throughout the enterprise to enforce the policy. At the same time, there is increasing pressure on corporate and government executives from consumers, shareholders and regulators to demonstrate "best practice" in the protection of the information assets of the enterprise and its customers.

For these reasons, there is a pressing need for a common language for expressing security policy. If implemented throughout an enterprise, a common policy language allows the enterprise to manage the enforcement of all the elements of its security policy in all the components of its information systems. Managing security policy may include some or all of the following steps: writing, reviewing, testing, approving, issuing, combining, analyzing, modifying, withdrawing, retrieving and enforcing policy.

XML is a natural choice as the basis for the common security-policy language, due to the ease with which its syntax and semantics can be extended to accommodate the unique requirements of this application, and the widespread support that it enjoys from all the main platform and tool vendors.

The standard is to specify general purpose security policy language based on XML.
±¹Á¦Ç¥ÁØ
°ü·ÃÆÄÀÏ TTAE.IT-X.1144_[1].pdf TTAE.IT-X.1144_[1].pdf            

ÀÌÀü
ÃË°¢»óÈ£ÀÛ¿ë ¸ÞŸ µ¥ÀÌÅÍ
´ÙÀ½
64ºñÆ® ºí·Ï¾ÏÈ£ HIGHT