PeerAccess A logic for distributed authorization
统一身份认证的设计与实现
3
结束语
本系统主要实现了 单点登 录、 用 户管理、 统一 身份认 证管理、 授权管理等功 能, 从一定 程度 提高了 系统 管理效 率, 避免了大量重复开发。但是本文对认证服务的安全性 和访问控制策略考虑得不够深刻, 然而随着我国信息技术 的高速发展, 未来必将会对统一身份认证系统提出更高的 要求。
1
统一身份认证的设计与实现
1. 1 系统基本设计
本文所探讨的系统采用的结构是浏览器- 客户端, 使 用 Java 语言, 其中 W eb 应用程序 是采用 三层架 构的。身 份认证过程包括以下 内容: 首先 在登 录系统 时, 要验 证用 户名和密码, 成功通过后, 要保存此用户的一些身份信息, 进入统一登录界面, 根据 用户权 限, 用 户可以 访问相 应的 系统, 并进行相关模块操作。整个统一身份认证系统是由 服务访问者、 服务响应者、 网络 服务中心、 U DDI 中 心数据 和用户管理组成的, 详细如图 1 所示。 建立一种统一门户和统一身份认证系统及管理平台, 将财务、 教学、 学生、 后勤等应用系统集成到统一门户平台 中, 实现统一身份认证和 单点登 录, 使 用户登 陆所有 应用 系统都使用唯一的用户 名和口 令并且 访问多 个系统 时只
0
引言
随着网络信息技术的发展, 特别是近年来高校校园网
一身份认证体系上保 持外部应 用系统 用户数 据和 平台用 户数据的同步, 发挥统一身份认证系统良好的兼容性与易 移植性。
络建设不断完善和性能提高, 校园网内部运行的应用系统 也是日益增多。一般说来, 这些各自独立的系统各自拥有 一套用户及不同的身份认证方式, 结果造成多套用户存在 着用户信息冗余、 用户多密码记忆和多点登录等问题。如 何既安全又方 便地 实 现用 户认 证, 是一 个需 要解 决 的问 题。这就要求我们通过一 个公共 平台 把各自 独立的 应用 系统的身份认证、 授权和 用户管 理统 一起来, 并把各 自应 用系统有效地集成, 实现 用户的 一次 登录, 从 根本上 提高 系统管理效率和安全。
计算机专业英语单词缩写表
计算机专业英语缩写表AAT(Average Access Time) 平均存取时间ACL(Access Control Lists) 访问控制表ACK(acknowledgement character )确认字符ACPI (Adva need Con figuration and Power In terface高级配置和电源接口ADC(Analog to Digital Converter) 模数转换器ADSL(Asymmetric Digital Subscriber Line) 非对称用户数字线路ADT(Abstract Data Type) 抽象数据类型AGP(Accelerated Graphics Port图形加速端口AI( Artif icial Intelligence) 人工智能AIFF(Audio Image File Format)声音图像文件格式ALU(Arithmetic Logical Unit) 算术逻辑单元AM(Amplitude Modulation) 调幅ANN(Artificial Neural Network) 人工神经网络ANSI( American Natio nal Sta ndard In stitute)美国国家标准协会API(Applicatio n Programmi ng In terface)应用程序设计接口APPN(Adva need Peer-to-Peer Network高级对等网络ARP(Address Resolution Protocol )地址分辨/ 转换协议ARPG(Actio n Role Playi ng Game)动作角色扮演游戏ASCII (America n Sta ndard Code for In formation In tercha nge美国信息交换标准代码ASP(Active Server Page活动服务器网页ASP( Applicatio n Service Provider)应用服务提供商AST( Average Seek Time平均访问时间ATM(as ynchronous transfer mode 异步传输模式ATR (Automatic Target Recognition) 自动目标识别AVI (Audio Video Interleaved) 声音视频接口BB2B(Bus in es s to Busi ness商业机构对商业机构的电子商务B2C(Busi ness to Con sumer商业机构对消费者的电子商务BBS(bulletin board system)电子公告牌系统BER(Bit Error Rate)误码率BFS (Breadth First Search) 广度优先搜索BGP(Border Gateway Protocol )边缘网关协议BIOS(basic in put / output system基本输入输出系统BISDN(Broadba nd- I ntegrated Services Digital Network)宽带综合业务数字网BLU(Basic Link Unit) 基本链路单元BOF(Beginning Of File) 文件开头BPS(Bits Per Seco nd 每秒比特数BRI(Basic Rate In terface)基本速率接口BSP(Byte Stream Protocol )字节流协议BSS(Broadba nd Switchi ng System 宽带交换系统CCAD(Computer Aided Desig n)计算机辅助设计CAE(Computer-Aided En gi neeri ng)计算机辅助工程CAI(Computer Aided In structi on)计算机辅助教学CAM(Computer Aided Manu facturi ng)计算机辅助管理CASE(Computer Assisted Software Engin eeri ng计算机辅助软件工程CAT(Computer Aided Test计算机辅助测试CATV(Commu nity An te nna Televisio n)有线电视CB( c on trol bus )控制总线CCP(Commu nication Control Procrssor通信控制处理机CD (Compact Disc)压缩光盘,只读光盘CD-R (Compact Disc-Recordab© 可录光盘,只写一次的光盘CDFS(Compact Disk File System)密集磁盘文件系统CDMA ( Code Division Multiple Access)码分多路访问CD-MO(Compact Disc-Magneto Optical )磁光式光盘CD-ROM( compact disc read-o nly memory)只读光盘CD-RW( compact disc rewritable)可读写光盘CGA(Color Graphics Adapter )彩色显示器CGI( com mon gateway in terface公共网关接口CI(Computati onal In tellige nee)计算智能CISC (Complex Instruction Set Computer) 复杂指令集计算机CMOS ( Complementary Metal Oxide Semiconducto)互补金属氧化物半导体存储器COM(Comp onen t object model)组件对象模型CORBA(Com mon Object Request Broker Architecture)公共对象请求代理结构CPU( ce ntral proces sing unit中央处理单元CRC( cyclical redun da ncy check循环冗余校验码CRM(Clie nt Relation Man ageme nt)客户关系管理CRT(Cathode-Ray Tube阴极射线管,显示器CSMA (Carrier Sense Multi -Access载波侦听多路访问CSU( Channel Service Unit)信道服务单元CU(Control Unit )控制单元DDAC(Digital to An alogue Co nverter)数模转换器DAO(Data Access Object数据访问对象DAP(Directory Acces s Protocol )目录访问协议DBMS(Database Man ageme nt System数据库管理系统DCE(data com muni cati on equipme nt数据通信设备DCE(Distributed Comput ing En viro nment)分布式计算环境DCOM( Distributed COM) 分布式组件对象模型DDB(Distributed DataBase)分布式数据库DDE(Dy namic Data Excha nge动态数据交换DDI( Device Driver Interface) 设备驱动程序接口DDK(Driver Development Kit) 驱动程序开发工具包DDN(Data Digital Network) 数据数字网DEC(Digital Equipme nt Corporatio n)数字设备公司DES( Data En cryption Sta ndard数据加密标准DFS(Depth First Search) 深度优先搜索DFS(Distributed File System(Windows 2000) )分布式文件系统DHCP( Dynamic Host Configuration Protocol )动态主机配置协议DIB(Dual In depe ndent Bus)双独立总线DIC(Digital Image Control) 数字图像控制DLC ( Data Link Control)数据链路控制DLL(Dynamic Link Library) 动态链接库DLT (Data Link Terminal)数据链路终端DMA(Direct Memory Acces s) 直接内存访问DMSP(Distributed Mail System Protocol )分布式电子邮件系统协议DNS(Domai n Name System域名系统DOM(Docume nt Object Mode)文档对象模型DOS( Disk Operatio n System磁盘操作系统DQDB (Distributed Queue Dual Bus) 分布式队列双总线DRAM (Dynamic Random Access Memory 动态随机存取存储器DSD (Direct Stream Digital)直接数字信号流DSL(Digital Subscriber Line) 数字用户线路DSM(Distributed Shared Memory )分布式共享内存DSP( Digital Sig nal Process in g数字信号处理DTE( Data Termi nal Equipme nt)数据终端设备DVD( Digital Versatile Disc ) 数字多功能盘DVD-ROM ( DVD-Read Only Memory )计算机用只读光盘DVI (Digital Video Interactive) 数字视频交互EEC( Embedded Controller)嵌入式控制器EDIF (Electronic Data Interchange Format) 电子数据交换格式EEPROM(Erasable and Electrically Programmable ROM 电擦除可编程只读存储器EGA(Enhanced Graphics Adapter彩色显示器,分辨率为640X 350,可以显示16种颜色EGP(External Gateway Protocol外部网关协议EISA(Exte nded In dustry Stan dard Architecture 增强工业标准结构EMS(Expa nded Memory Specificatio n)扩充存储器规范EPH(Electronic payment Handler )电子支付处理系统EPROM(Erasable Programmable ROM可擦除可编程只读存储器ERP(E nterprise Resource Pla nning企业资源计划ETM(ExTe nded Memory)扩展存储器FFAT(File Allocation Table)文件分配表FCB(File Control Block) 文件控制块FCFS(First Come First Service先到先服务FCS(Frame Check Seque nee帧校验序列FDD(Floppy Disk Device)软盘驱动器FDDI(Fiber-optic Data Distribution In ter face)光纤数据分布接口FDM(Frequency-Division Multiplexing) 频分多路FDMA(Frequency Division Multiple Address) 频分多址FEC (Forward Error Correction) 前向纠错FEK(File Encryption Key) 文件密钥FEP(Front Ef fect Processor 前) 端处理机FET( Field Effect Transistor)场效应晶体管FIFO(First In First Out)先进先出FM ( Frequency Modulation)频率调制FPU( Float Poi nt Un it )浮点部件FRC(Frame Rate Control )帧频控制FTAM(File Tran sfer Access and Man ageme n文件传输访问和管理FTP(File Tran sfer Protocol)文件传输协议GGAL(General Array Logic) 通用逻辑阵列GCR( Group-Coded Recording)成组编码记录GDI( Graphics Device In terface)图形设备接口GIF(Graphics Interchange Format一种图片文件格式,图形转换格式GIS( Geographic I nformation System)地理信息系统GPI( Graphical Programmi ng In terface)图形编程接口GPIB(Ge neral Purpose In terface Bus)!用接口总线GPS(Global Positi oning System全球定位系统GSX( Graphics System Exte nsio n图形系统扩展GUI(Graphical User In terface)图形用户接口HHDC(Hard Disk Control ) 硬盘控制器HDD(Hard Disk Drive) 硬盘驱动器HDLC(High-level Data Link Control ) 高级数据链路控制HDTV (High-Defination Television)高清晰度电视HEX(HEXadecimal )十六进制HPFS( High Performanee File System)高性能文件系统HPSB (High Performance Serial Bus) 高性能串行总线HTML(Hyper Text Markup Lan guage)超文本标记语言HTTP(Hyper Text Tran sport Protocol)超文本传输协议IIAC(Inter-Application Communications) 应用间通信IC (Integrated Circuit)集成电路ICMP( In ternet Control Mes sage Protocol)因特网控制消息协议ICP( In ternet Content Provider)因特网内容服务提供商,是ISP中提供信息服务的一种机构IDC( In ternatio nal Developme nt Ce nter国际开发中心IDE( In tegrated Developme nt En vir onment)集成开发环境IDL( In terface Def in iti on Lan guage)接口定义语言IEEE( In stitute of Electrical and Electro nics En gi neeri ng)电子电器工程师协会IGP (Interior Gateway Protocol) 内部网关协议IIS( In ternet In formation Service)因特网信息服务IP( In ternet Protocol)因特网协议IPC( In ter-Proces s Commu nicatio n 进程间通信IPSE( In tegrated Project Support En viro nments集成工程支持环境IPX(I nternet Packer Exchitecture)互联网报文分组交换ISA( Industry Standard Architecture)!业标准结构,是IBM PC/ XT 总线标准ISDN( In tegrated Service Digital Network)综合业务数字网ISO ( In ternatio nal Sta ndard Orga ni zatio n 国际标准化组织ISP( Internet Service Provider )因特网服务提供者IT (Information Technology) 信息技术ITU( In ternatio nal Telecom Un io n)国际电信联盟JJDBC(Java Database Co nn ectivity) J av数据库互联JPEG(Joi nt Photographic Experts Group联合图片专家组JSP(Java Server Page) J av£艮务器页面技术JVM(J ava Virtual Machi ne)J ava 虚拟机KKB(Kilobyte) 千字节KBPS(Kilobits Per Sec ond)每秒千比特KMS( Knowledge Man ageme nt System知识管理系统LLAN(Local Area Network) 局域网LBA ( Logical Block Addressing)逻辑块寻址LCD(Liquid Crystal Display) 液晶显示器LDT ( Logic Design Translator)逻辑设计翻译程序LED(Light Emitting Diode) 发光二极管LIFO ( Last In First Out)后进先出LP ( Lin ear Programmi ng)线性规划LPC(Local Procedure Call)局部过程调用LSIC(Large Scale In tegration Circuit )大规模集成电路MMAC(Medium Access Control )介质访问控制MAN(Metropolitan Area Network) 城域网MBR (Master Boot Record)主引导记录MC(Memory Card)存储卡片MCA(Micro Channel Architecture) 微通道结构MDA ( Mono chrome Display Adapter)单色显示适配卡MFM ( Modified Frequency Modulation)改进调频制MIB(Ma nageme nt In formation Bass)管理信息库MIDI (Musical Instrument Digital Interface) 乐器数字接口MIMD(Multiple Instruction Stream,Multiple Data Stream) 多指令流,多数据流MIPS ( Millio n In structio ns Per Seco nd)每秒百万条指令MIS(Ma nageme nt In formation System)管理信息系统MISD(Multiple Instruction Stream,Single Data Stream)多指令流,单数据流MMDS(Multi-channel Multipoint Distribution Service) 多波段多点分发服务器MMU(Memory Management Unit) 内存管理单元MMXMPC(Multimedia PC)多媒体计算机MPEG(Moving Picture Expert Group) 一种视频和音频的国际标准格式MPLS(Multi-Protocol Label Switching) 多协议标记交换MPS( Micro Processor System)微处理器系列MTBF ( Mean Time Between Failures 平均故障间隔时间MUD(Multiple User Dimension) 多用户空间NNAOC(No-Account Over Clock) 无效超频NAT (Network Address Translation) 网络地址转换NC(Network Computer) 网络计算机NDIS(Network Device Interface Speci fication) 网络设备接口规范NCM(Neural Cognitive Maps) 神经元认知图NFS(Network File System)网络文件系统NIS(Network In formation Services)网络信息服务NNTP (Network News Transfer Protocol)网络新闻传输协议NOC (Network Operations Center) 网络操作中心NSP(Name Server Protocol 名) 字服务器协议NTP(Network Time Protocol)网络时间协议NUI (network user identification)网络用户标识OOA(Of f ice Automation) 办公自动化OCR( Optical Character Recog nition)光学字符识别ODBC(Ope n Database Conn ectivity开放式数据库互联ODI(Ope n Data- link In terface)开放式数据链路接口OEM( Origi nal Equipme nt Manu factures)原始设备制造厂家OLE(Object Li nking and Embeddi ng)对象链接与嵌入OMG(Object Man ageme nt Group对象管理组织OMR(Optical-Mark Recognition) 光标阅读器OOM(Object Orie nted Method)面向对象方法OOP( Object Orie nted Programmi ng面向对象程序设计ORB(Object Request Broker对象请求代理OS(Operati ng System 操作系统OSI (Ope n System In terco nn ect Refere nee Mode开放式系统互联参考模型OSPF(Ope n Shortest Path Firs 开发最短路径优先PPBX(Private Branch Excha nge用户级交换机PCB(Process Control Block进程控制块PCI(Peripheral Component Interconnect外部连接互联,是一种局部总线PCM(Pulse Code Modulatio n)脉冲编码调制PCS (Perso nal Commu nicatio ns Service)个人通信业务PDA(Perso nal Digital As sista nt)个人数字助理PDF(Portable Docume nt Format便携式文档格式PDN(Public Data Network)公共数据网PHP( Personal Home Page 个人网页PIB(Programmable In put Buffer)可编程输入缓冲区PMMU (Paged Memory Man ageme nt Unit)页面存储管理单元POP(Post Of f ice Protocol )邮局协议POST(Power- On Self -Test 加电自检PPP(Peer-Peer Protocol):对端协议PPP(Poi nt to Poi nt Protocol)点到点协议PPSN(Public Packed-Switched Network公用分组交换网PR(Performa nee Rate性能比率PROM(Programmable ROM)可编程只读存储器PSN(Processor Serial Numbe处理器序列号QC(Quality Control ) 质量控制QLP( Query Lan guage Proces so 查询语言处理器QoS( Quality of Service )服务质量RRAD(Rapid Application Developme nt)快速应用开发RAI(Remote Application In terface)远程应用程序界面RAID(Redundant Array Independent Disk) 冗余列阵磁盘机RARP(Reverse Address Resolution Protoco)l 反向地址解析协议RAM(Ra ndom Acces s Memory)随机存储器RAM(Real Address Mode)实地址模式RAID(Redu nda nt Arrays of In expe nsive Disks)冗余磁盘阵列技术RAS(Remote Access Servic)e 远程访问服务RCP(Remote CoPy 远程复制RDA(Remote Data Access 远程数据访问RDO (Remote Data Objects) 远程数据对象RF (Radio Frequency) 射频,无线电频率RIP(Raster Image Protocol光栅图像处理器RIP(Routing Information Protocol )路由选择信息协议RISC(Reduced In structio n Set Computer精简指令集计算机ROM( Read Only Memory)只读存储器RPC(Remote Procedure Call 远) 程过程调用RPG(Role Play Games角色扮演游戏RPM ( Revolutions Per Minute)转/分RTS( Request To Sene请求发送RTSP (Real Time Streami ng Protocol)实时流协议SACL (System Access Control List) 系统访问控制列表SAF(Store And Forward)存储转发SAP(Service Acces s Poi nt服务访问点SCSI(Small Computer System In terface 小、型计算机系统接口SDLC(Synchronous Data Link Control )同步数据链路控制SDK(Software Developme nt Kit)软件开发工具箱SGML(Sta ndard Gen eralized Markup Lan guage标准通用标记语言SHTTP(Secure Hype Text Transfer Protocol 安) 全超文本传递协议SIMD(Single Instruction Stream,Multiple Data Stream)单指令流,多数据流SISD(Single Instruction Stream,Single Data Stream单指令流,单数据流SLIP( Serial Line In terface Protocol)串行线路接口协议SMDS(Switch Multi-megabit Data Services)交换多兆位数据服务SMP(Symmetric Multi-Processor)对称式多处理器SMTP(Simple Mail Tran sport Protocol)简单邮件传输协议SNA(System Network Architecture)系统网络结构SNMP(Simple Network Management Protocol )简单网络管理协议SNR(Signal Noise Ratio)信噪比SNTP(Simple Network Time Protocol )简单网络时间协议SONC(System On a Chip系统集成芯片SONET(Sy nchro nous Optic Network)同步光纤网SPC(Stored-Program Con trol存储程序控制SQL(Structured Query Lan guage 结构化查询语言SRAM (Static Random Access Memory 静态随机存储器SRPG (Strategies Role Play Games战略角色扮演游戏SSL (Secure Sockets Layer)安全套接层STDM(Synchronous Time Division Multiplexing) 同步时分复用STG(Shoot Game射击类游戏STP(Shielded Twisted-Pair )屏蔽双绞线SVGA (Super Video Graphics Array) 超级视频图形阵列TTCB(Tra nsmissio n Control Block)传输控制块TCP(Transmis sion Control Protocol )传输控制协议TCP/ IP(Transmission Control Protocol / Internet Protocol )传输控制协议/ 网间协议TDM(Time Division Multiplexing) 时分多路复用TDMA(Time Division Multiplexing Addres s) 时分多址技术TDR(Time-Domai n Reflectometer)时间域反射测试仪TFT(Thin Film Transistor Monitor) 薄膜晶体管显示器TFTP(Trivial File Tran sfer Protocol)简单文件传送协议TIFF(Tag Image File Format)标记图形文件格式TIG(Task In teraction Graph)任务交互图TLI(Tra nsport Layer In terface)传输层接口TM(Traffic Man ageme nt)业务量管理,流量管理TPS(Transactions Per Second() 系统)每秒可处理的交易数TSR(Termi nate and Stay Reside n终止并驻留TTL(Tra nsistor-Tra nsistor Logic)晶体管一晶体管逻辑电路TWX(Teletypewriter Excha nge)电传电报交换机UUART(Universal Asynchronous Receiver Transmitter 通) 用异步收发器UDF(U niversal Disk Format)通用磁盘格式UDP(User Datagram Protocol )用户数据报协议UHF(Ultra High Frequency) 超高频UI(User In terface )用户界面,用户接口UIMS(User In terface Ma nageme nt System 用户接口管理程序UNI (User Network In terface)用户网络接口UPA(Ultra Port Architecture)超级端口结构UPS(U nin terruptible Power Supply)不间断电源URI (Uniform Resource Identi fier )环球资源标识符URL(U niform Resource Locator)统一资源定位器USB(U ni versal Serial Bus)通用串行总线UTP(Unshielded Twisted-Pair )非屏蔽双绞线UXGA(Ultra Exte nded Graphics Array)超强图形阵列VVAD( Virtual Addres s Descriptors )虚拟地址描述符VAGP (Variable Aperature Grille Pitch) 可变间距光栅VAN( Value Added Network)增值网络VAP( Value-Added Process 增值处理VAS(Value-Added Server)增值服务VAX(Virtual Address eXte nsio n)虚拟地址扩充VBR(Variable Bit Rate)可变比特率VC(Virtual Circuit) 虚拟线路VCPI( Virtual Co ntrol Program In terface)虚拟控制程序接口VDD( Virtual Device Driver s) 虚拟设备驱动程序VDR( Video Disc Recorder )光盘录像机VDT( Video Display Termi nals)视频显示终端VDU (Visual Display Unit )视频显示单元VFS( Virtual File System)虚拟文件系统VGA( Video Graphics Adapter )视频图形适配器VHF (Very High Frequency)甚高频VIS( Video In formation System)视频信息系统VLAN(Virtual LAN) 虚拟局域网VLIW (Very Long Instruction Word)超长指令字VLSI (Very Large Scale In tegrati on)超大规模集成VMS(Virtual Memory System) 虚拟存储系统VOD( Video On Dema nd)视频点播系统VON( Voice On Net )网上通话VPN( Virtual Private Network) 虚拟专用网VR( Virtual Reality) 虚拟现实VRML(Virtual Reality Modeling Language) 虚拟现实建模语言VRR(Vertical Refresh Rate)垂直刷新率VTP(Virtual Terminal Protocol )虚拟终端协议WWAN(Wide Area Network) 广域网WAE(Wireles s Application En viro nment)无线应用环境WAIS(Wide Area In formation Service)广义信息服务,数据库检索工具WAP(Wireles s Application Protocol)无线应用协议WAV(Wave Audio Format )非压缩的音频格式文件WDM(Wavelength Division Multiplexing) 波分多路复用WDP(Wireless Datagram Protocol )无线数据包协议WFW(Wi ndows for Workgroups)工作组窗口WML(Wireles s Markup Lan guage)无线标记语言WMP(Windows Media Player)Windows 媒体播放器WORM(Write Once, Read Many time)写一次读多次光盘WWW(World Wide Web)万维网WYSIWYG(What You See Is What You Get)所见即所得XXGA( eXte nded Graphics Array)扩展图形阵列XML(eXte nsible Markup Lan guage)可扩展标记语言XMS(eXte nded Memory Speci ficatio n)扩展存储器规范XQL(eXte nsible Query Lan guage)可扩展查询语言XSL(eXtensible Stylesheet Language) 可扩展样式表语言ZZA( Zero and Add)清零与加指令ZBR( Zone Bit Recordi ng)零位记录制。
VDA6.1质量体系要素提问分类和提问数
VDA6.1质量体系要素提问分类和提问数(注:因为企业最高管理者及其下属管理层对质量保证模式的规定、实施与监控起决定性影响,所以他们的参与是标准的根本要求。
这在提问表的分类中反映出来,所提问题本身也兼顾这一点。
因此,所提问题必须由企业内有关部门的负责人来回答。
)一、提问数量:U部分企业领导01 管理职责 602 质量体系 603 内部质量审核 404 培训,人员705 质量体系的财务考虑 406 产品安全性 4Z1 企业战略 5U部分总提问数36P部分产品与过程07 合同评审 508 设计控制(产品开发)709 过程控制(过程开发)710 文件和资料的控制 511 采购712顾客提供的产品的控制 413产品标识和可追溯性714过程控制715检验和试验 616检验、测量和试验设备的控制 517不合格品的控制 418纠正和预防措施 419搬运、贮存、包装、防护和交付 620质量记录的控制 421服务(售后服务、生产后的活动) 522统计技术 6P部分总提问数89总提问数125[就ISO9002标准来说为125-7(-7)=118(111)个问题,如无“顾客提供的产品”则提问数为125-7(-7)-4=114(107)个问题]VDA6.1标准有关条款VDA标准提问的具体问题U部分01 管理职责01.1* 是否由企业最高管理者规定了质量方针,并公布于各级人员?01.2* 基于企业策划和质量方针制定了质量目标,并对其结果进行监控?01.3* 持续改进过程(KVP)是否是质量方针的组成部分?01.4 企业最高管理者是否提供了必要的资源?01.5* 是否明确指定管理者代表,并规定其任务、权限和职责?01.6* 最高管理者是否定期评价质量体系的有效性?02 质量体系02.1* 质量体系是否在质量手册或等同的文件中加以描述?02.2 质量体系是否包括了企业内部所有的部门、层次和员工?02.3* 对于所有影响质量的活动是否在程序文件中规定了任务、职责和权限?02.4* 是否进行包含质量策划过程的项目管理工作?02.5* 为满足质量要求对于必要的措施和行动是否进行质量策划?02.6* 是否具有包含质量策划结果的质量计划?03 内部质量审核03.1* 实施内部质量审核的人员(审核员AUDITOREN)是否具备资格,并且独立被审核的部门?03.2* 是否根据审核计划,对质量体系所属的要素进行内部质量审核,并加以评价?03.3*是否针对不符合项采取纠正措施,并进行记录?03.4*是否根据审核计划,对产品和过程的要求进行内部质量审核,并加以评价?04 培训、人员04.1 是否定期根据人员与只能情况了解测定培训要求,并由此对企业中的各级人员采取不同的培训计划?04.2 在培训计划中是否包含了在质量技术方面的培训进修计划?04.3 在培训计划中是否包含了企业的最高管理者和各级管理人员?04.4* 员工新聘或调动时,引入新的或更改了的过程、工作流程等时,是否对员工安排一个指导/培训计划?04.5* 员工是否具有从事其工作的资格?04.6 是否具有调动积极性和提高质量意识的措施?04.7* 在企业内是否有一个已达到的质量现状与目标的对照说明,并清晰易懂?05 质量体系的财务考虑05.1 是否规定反映质量体系有效性的财务报告的编制方法?05.2* 有关负责人是否定期编制财务报告,并做数据分析?05.3* 是否具有由于未达到质量要求(不合格)而造成内部损失的证明?05.4* 是否具有由于未达到质量要求(不合格)而造成外部损失的证明?VDA6.1标准有关条款06 产品安全性06.1 产品责任的原则在企业内部是否众所周知?06.2 对于那些需要质量方面特别证明的产品和特定特性,是否确定和标识这些产品和特性的程序?(存档责任)06.3* 是否有用于识别产品风险的程序?06.4 是否有限制不合格品(影响)的应急计划和程序?Z1 企业战略Z1.1企业中是否包含成本、销售、质量等方面的战略性的计划?Z1.2是否有测定经营结果的方法,并且定期运用,以便实施改进?Z1.3是否将企业的绩效数据与采用行业水准比较法或类似方法而的出的结果进行比较,并在必要时,由此采取改进措施?Z1.4*是否有测定顾客满意程度并查明变化的程序?Z1.5企业中员工的满意程度是否是最高管理者的原则,并且不断加以维护?P部分:产品与过程07 合同评审,营销质量07.1 营销功能是否包含在流程组织中?07.2* 是否对询价、投标、合同/定单评审其完整性和可实现性,并加以批准?07.3 在制定标书时,是否查明技术上和商业上的成本?07.4 是否存在顾客对产品和质量体系方面的质量要求?07.5 是否有程序确保所有的参与部门都能及时知道和理解所有的产品规范?08 设计控制(产品开发)09 过程控制(过程开发)10 文件和资料的控制10.1* 对文件的标识、保管、审核和批准,是否规定了职责和程序?10.2 对于文件是否具有带更改服务的分发和保管制度?10.3 是否规定了文件在何处保存、如何保存以及保存期限?10.4 如何确保外来文件被及时采用,并受控?10.5 是否确保无效的文件不被使用?11 采购11.1 在给供方的采购文件中,是否清楚完整地规定了对产品和绩效方面的质量要求?11.2* 是否对评价和选择供方做了规定?11.3 对外购产品是否规定了样品检验?11.4 企业是否规定了定期对其供方进行评价的程序?11.5 与供方是否有关于质量检验方法和职责方面的协议?11.6* 外购产品和绩效的质量是否得到保证?11.7* 供方所供产品的可追溯性是否得到保证?12 顾客提供的产品的控制13 产品标识与可追溯性13.1 对内部流程是否规定了产品标识?13.2 能否确保通过过程控制措施来满足对产品的质量要求?13.3 是否记录过程参数并记录偏差和所采取的措施?13.4 生产和检测器具在使用闲置期是否合理存放和保护?13.5* 是否保证只有满足质量要求的产品才能流到下一个过程/工序,才能进行交付?13.6 产品的特征数据是否能从交付追溯到进货?13.7* 对于批量生产的重新认可,是否具有相应的程序?VDA6.1标准有关条款14 过程控制14.1 是否对新的/维修过的机器(设备)以及在生产新产品和产品发生更改时进行能力调查?14.2* 对于新的和更改过的产品/过程,是否规定了批量生产认可的条件,并且与顾客商定?14.3 能否确保对重要的过程参数和产品特性进行监视和控制(调节)?14.4 对于设备和模具,是否具有模具管理和计划保养规定?14.5 是否规定了对特殊过程的要求?14.6 对产品和过程有影响的环境条件是否受控?14.7 是否通过相应的方法评价生产过程的有效性?15 检验和试验15.1 检验流程计划中的所有检验活动是否通过检验指导书加以说明?15.2 在检验指导书中是否规定了过程中的质量检验和相应的方法/技术?15.3 对外购的产品是否进行规定的质量证明?15.4 在过程/工序中是否进行规定的质量证明?15.5* 对最终产品是否进行规定的质量证明?15.6 是否有周期性检验和试验的证明?16 检验、测量和实验设备的控制16.1* 是否具有检验、测量和试验设备的鉴定、标识、控制、校准和保养的程序?16.2 是否规定了检验、测量和试验设备与国家和国际标准的联系(溯源性)?16.3 是否只有测量不确定度祖国小的检验、测量和试验设备才可投入使用?16.4 是否具有证明检验、测量和试验设备能力(检具能力)的程序?16.5 在检验、测量和试验设备发生故障和损坏时,是否规定了纠正措施?17 不合格品的控制17.1* 是否具有不合格品的控制程序?17.2 偏离规范的产品,供货前是否取得顾客的同意?17.3 返工是否根据计划实施,并且记录存档?17.4 是否有程序识别重复发生的不合格?18 纠正和预防措施18.1* 是否明确规定了落实和监督纠正措施的职责?18.2 是否有程序对可能的不合格进行风险估计并采取相应的预防措施?18.3 是否具有分析不合格原因的程序?18.4* 是否具有避免重复发生不合格的程序?19 搬运、贮存、包装、防护和交付19.1 是否具有“产品处置”(搬运、贮存、包装、防护和交付)的指导书?19.2 是否对发货前的包装和标识过程做了规定,并加以控制?19.3 是否能保证在贮存和运输过程中避免损坏或质量降低?19.4 是否有程序统计和消除包装不合格及运输损坏,并采取纠正措施?19.5 是否保证在运输和贮存过程中产品的标识?19.6* 是否有程序说明供货信誉?20 质量记录的控制20.1 对于质量记录的标识、审核和批准,是否规定了职责和程序?20.2 对于质量记录的分析评定和分发,是否具有程序和职责?20.3 是否规定了质量记录在何处保存、如何保存以及保存期限?20.4 合同约定时,是否规定质量记录如何提供顾客使用?21 服务(售后服务、生产后的活动)21.1 是否对产品使用和安装说明书的编制作出规定,并使说明书清楚易懂?VDA6.1标准有关条款21.2 是否具有进行产品观察的程序和产品使用阶段有关产品失效的早期报警系统?21.3 是否具有程序对使用中的产品失效进行分析,以及采取和监控纠正措施?21.4 售后服务只能是否包含在信息流中?21.5 如果有协议规定,是否具有服务活动的程序?22 统计技术22.1 是否了解使用统计技术的可能性并对其应用进行策划?22.2 在开发阶段,是否将统计技术应用于试验的策划和分析评定以及产品风险估计?22.3 对外购件的质量检验进行分析评定时是否应用统计技术?22.4 统计技术是否用于过程控制和过程优化?22.5 对最终的质量检验进行分析评定时,是否应用统计技术?22.6 统计技术是否应用于产品使用过程中的失效分析评定?VDA6.1标准条款详细内容01.1*是否由企业最高管理者规定了质量方针,并公布于各级人员?定义:质量方针(引用DIN EN ISO8402/3.1)由组织的最高管理者正式发布的该组织的质量宗旨和质量方向。
工程常用缩写
Engineering abbreviationA AirA/C Air ConditionerA/D Analog/DigitalA/G Above GroundABPR Animal ByproductsABS Acylonitrile Butadiene StyreneABS American Bureau of ShippingABWR Advanced Boiling Water ReactorAC Alternating CurrentAC Asphalt ConcreteACARP Australian Coal Association Research Program ACCU Air Cooled Condensing UnitACI American Concrete InstituteACS American Construction SocietyACT Automatic Custody TransferAD Acid DrainAD Anaerobic DigestionADC Average Daily ConsumptionADIP Amino Di IsopropanolADM Arrow Diagram MethodADR Aluminium Dome RoofAEDC Award Engineering/Design ContractAFBMA Anti Friction Bearing Manufacturers Association AFC Automatic Frequency ControlAFFF Aqueous Film Forming FoamAFNOR Association Francaise de NormalisationAFR Average Flow RateAGA American Gas AssociationAGC Associated General ContractorsAGC Automatic Generation ControlAGMA American Gear Manufacturers AssociationAH Acid HydrocarbonAH Arabian HeavyAHU Air Handling UnitAI Artificial IntelligenceAIHA American Industial Hygiene AssociationAISC American Institute of Steel ConstructionAISI American Iron and Steel InstituteAL AluminiumAL Arabian LightALARA As Low As Reasonably AchievableALARP As Low as Reasonably PracticableALE Abnormal Level EarthquakeALP Articulated Loading PlatformALS Accidental Limit StateAM Amplitude ModulationAM Arabian MediumAMH Actual ManhourAMRS Advanced Mobile Radio SystemANP Acid Neutralisation PitANSI American National Standards InstituteAOF Absolute Open FlowAOV Air Operated ValveAPCS Approved Protective Coating SystemAPD Automated Piping DesignAPI American Petroleum InstituteAPS Applications SoftwareAS Acid SewerASB Asymmetrical BeamASCE American Society of Civil EngineersASCII American Standard Code for Information Interchange ASD Allowable Stress DesignASHRAE American Society of Heating, Ventilation and Air C ASME American Society of Mechanical EngineersASP Aluminium Steel PolyethyleneASTM American Society for Testing and MaterialsATB All Trunks BusyATF Alternative Transport FuelsATM AtmosphericATM AtmosphereAUP Average Unit PriceAUT Automated Ultrasonic TestingA VB Atmospheric Vacuum BreakerA VG AverageAW Acid WasteAWEA American Wind Energy AssociationAWG American Wire GaugeAWO Additional Work OrderAWPA American Wood Preservers AssociationAWS American Welding SocietyAWW A American Water Works AssociationB&S Bell and SpigotB.C.D. Bolt Circle DiameterBB Bolted BonnetBBD Boiler Blow DownBBE Bevel Both EndsBC Bolted CoverBC Bolt CircleBCSA British Constructional Steelwork AssociationBD Bolt DownBDR Blast Design RequirementBDT Bulk Data TransferBE Beveled EndBEAST Building Evaluation and Screening ToolBEDD Basic Engineering Design DataBEE Bundesverband Erneuerbare EnergieBEP Break Even ProductionBEV Break Even ValueBF Blind FlangeBFD Block Flow DiagramBFP Backflow PreventionBFW Boiler Feed WaterBH BoreholeBICSI Building Industry Consulting Services Internationa BIOX Biological OxidationBL Battery LimitBLD BlindBLDG BuildingBLE Bevel Large EndBLEVE Boiling Liquid Expanding V apor ExplosionBM Bending MomentBMS Burner Management SystemBO Build, OperateBOB Bottom of BarrelBOD Barrels per Operating DayBOD Biochemical Oxygen DemandBOE Bevel One EndBOF Bottom of FoundationBOM Bill of MaterialBOO Build, Own, OperateBOOT Build, Own, Operate, TransferBOP Bottom of PipeBOP Balance of PlantBOP Blow Out PreventerBOPD Barrels of Oil Per DayBOS Balance of SystemBOT Build, Operate, TransferBPCD Barrels per Calender DayBPD Barrels Per DayBPS Bytes per SecondBR BronzeBRA Building Risk AssessmentBS British StandardsBS British SteelBS Bio SludgeBSD Building Standards DivisionBSE Bevel Small EndBSI British Standards InstitutionBST Baker-Strehlow-TangBTM BottomBTM Buoyant Turret MooringBTU British Thermal UnitBU Business UnitBW Butt WeldBWEA British Wind Energy Association BWPD Barrels of Water per DayC Centigrade; CelsiusC ChemicalC&I Controls and InstrumentationC/R Construction/RepairC/R Change RequestCA CausticCA Congested AreaCA Corrosion AllowanceCAD Computer Aided DesignCADD Computer Aided Drafting and Design CAE Computer Aided Engineering CALC CalculatedCALM Caternary Anchor Leg MooringCAM Congested Area ModellingCAMA Centralised Automatic Message Accounting CAN/CSA Canadian StandardsCAO Certified Acceptance by OperationsCAPEX Capital ExpenditureCARE Conservation Accreditation Register for Engineers CAS Caustic SewerCAT CatalystCB Control BuildingCB Catch BasinCBC Coupled Bonding ConductorCBM Coal Bed MethaneCBNG Coal Bed Natural GasCBR California Bearing RatioCBS Controllable Bent SubC-C Centre to CentreCCC Comodity Classification CodeCCEI Common Class Expansion IndicesCCIR International Radio Consulative Committee CCIS Common Channel Interoffice SignallingCCN Catalog Classification NumberCCO Current Cost OutlookCCPS Centre for Chemical Process SafetyCCS Computer and Communication ServicesCCS Compressor Control SystemCCS Carbon Capture and StorageCCTV Closed Circuit TelevisionCD Chemical DrainCD Closed DrainCDC Central Dispatch CenterCDR Critical Design ReviewCDS Central Dispatch SystemCEMA Conveyor Equipment Manufacturers Association CFP Capital Facilities PlanCFPE Chief Fire Prevention EngineerCFR Code of Federal RegulationsCGA Compressed Gas AssociationCGT Combustion Gas TurbineCGTG Combined Gas Turbine GeneratorCGTG Combustion Gas Turbine GeneratorCHP Combined Heat and PowerCHS Circular Hollow SectionCI Cast IronCIF Cost, Insurance, FreightCIF Community and Industrial FacilityCIRIA Construction Industry Research and Information Ass CIS Contract Information SystemCISHEC Chemical Industry Safety, Health and Environmental CJ Construction JointCJ Contraction JointCL Centre LineCM CentimeterCM Construction ManagerCMT Construction Management TeamCMU Concrete Masonry UnitsCMAA Crane Manufacturers Association of AmericaCNC Computer Numerically ControlledCNPP Country Nuclear Power ProfilesCO Change OrderCO Clean OutCOC Continuously Oily/Chemical Contaminated COGEN Combined GenerationCOL ColumnCOLA Cost of Living AllowanceCOMAH Control Of Major Accident HazardsCOMFAR Computer Model for Feasibility Analysis and Report CONC ConcentricCONN ConnectionCOT Character Orientated TerminalCOTS Commercial Off The ShelfCPF Central Processing FacilityCPLG CouplingCPT Cone Penetration TestCPU Central Processing UnitCPVC Chlorinated Polyvinyl ChlorideCR Computed RadiographyCR ChromiumCRS CentresCRSI Concrete Reinforcing Steel InstituteCRT Cathode Ray TubeCS Chemical SewerCS Construction StartCS Carbon SteelCSA Canadian Standards AssociationCSG Coal Seam GasCSIR Centre of Scientific and Industrial Research CSO Car Sealed OpenCSP Concentrated Solar PowerCSUD Construction Start Up DateCSW Clean Surface WaterCSW Clean Storm WaterCT Coiled TubingCTI Cooling Tower InstituteCTOP Cracked Tip Opening DisplacementCTS Construction Technical SupportCU CopperCW Chilled WaterCW Coated and WrappedCWO Chain Wheel OperatorCWP Cold Working PressureCWP Contractors Work PlanCWR Continuous Welded RailCWR Cooling Water ReturnCWS Cooling Water SupplyD&B Design and BuildD/C Direct ChargeD/P Differential PressureD-A Digital to AnalogDAF Dissolved Air FlotationDASD Direct Access Storage DeviceDA V Data Above V oicedB DecibelDB Design, BuildDB Duct BankdBA Decibels using the A-weighted scaleDBM Design Basis MemorandomDBO Design, Build, OperateDBOT Design, Build, Operate, TransferDBSP Design Base Scoping PaperDC Direct CurrentDCC Disaster Control CentreDCLM Direct Charge List of MaterialsDCS Distributed Control SystemDDC Direct Digital ControllerDDD Direct Distance DialDEA Di Ethanol AmineDEG DegreeDEL Direct Exchange LineDEMA Diesel Engineers Manufacturers Association DFT Dry Film ThicknessDFW Deaerator Feed WaterDGA Di Glycol AmineDI Ductile IronDIA DiameterDID Direct Inward DiallingDIF Dynamic Increase FactorDIM DimensionDIN Deutche Industrie Normen (German Standard) DM De-MineralisationDMS Dynamic Pile MonitoringDMW Demineralised WaterDN Diameter Nominal (Metric)DOBIS Dortmunder BibliothekssystemDOD Direct Onward DiallingDOE Department of EnergyDOT Department of TransportationDOX Direct Overhead ExpenseDP Data ProcessingDP Design PressureDP Dynamic PositionedDP Dial PulseDPC Destination Point CodeDPDT Double Pole Double ThrowDPSR Data Processing Service RequestDRN DrainDRP Distribution Requirement PlanningDS DownspoutDS Discipline SuperintendentDS Data StoreDS Drilling SitesDSC Dye Solar CellsDSI Digital Speech InterpretationDSW Distilled WaterDT Design TemperatureDT Duct TrimsDTDR Dial Tone Delay RecorderDTE Drill Through EquipmentDUV Data Under V oiceDVD Dedicated V oice DispatchDW Drinking WaterDWF Dry Weather FlowDWG DrawingDWT Dead Weight TonnesDWV Drain, Waste, VentE Exhaust SteamE&I Electrical and InstrumentationE&P Exploration and ProductionEA EachEAGE European Association of Geoscientists and Engineer EB Extended BonnetEC EurocodeEC Eddy Current Testing (Examination)ECC EccentricECD Energy Conversion DeviceECL Established Column LineEDH Electrical Duct HeaterEDM Engineering Department ManualEDMS Electronic Document Management SystemEDP Electronic Data ProcessingEEMUA Engineering Equipment and Material Users Associati EF Entrance FacilityEF Evaluation FactorEFD Engineering Flow DiagramsEFRT External Floating Roof TankEFW Electric Fusion WeldedEHF Extra High FrequencyEI End ItemEIA Emergency Instrument AirEIA Electronic Industries AssociationEIA Environmental Impact AnalysisEIS Equipment Inspection ScheduleEIV Emergency Isolation ValveEJ Expansion JointEL ElevationELE Extreme Level EarthquakeELFEXT Equal Level Far End Cross TalkELL ElbowELLIP EllipticalELSBM Exposed Location Single Buoy MooringEMC Electromagnetic CompatibilityEMD Electric Motor DriveEMI Electromagnetic InterferenceEMT Electrical Metallic TubingEOL ElboletEOR Enhanced Oil RecoveryEOT Electric Overhead TravellingEPC Engineering Procurement ConstructionEPCI Engineering Procurement Construction Installation EPCM Engineering, Procurement, Construction Management EPDM Ethylene-Propylene-Diene Terpolymer / EP Rubber EPIC Engineering Procurement Installation Commisioning EQ EqualER Expenditure RequestER Equipment RoomERC Expenditure Request CompletionERL Echo Return LossERM Environmental Resource ManagementERPG Emergency Response Planning GuidelinesERW Electric Resistance WeldedESD Emergency ShutdownESDU Engineering Sciences Data UnitESL Established Site LevelESO Engineering Service OrganisationESO Engineering Service OrderESP Ethane Separation PlantETA Estimated Time of ArrivalETBE Ethyl Tertiary Butyl EtherETLP Extended Tention Leg PlatformETPR Extended Thermal Plastic RubberETS Emissions Trading SchemeEW Eye WashEWA Extra Work AuthorisationEWH Electric Water HeaterEWO Engineering Work OrderF FahrenheitFAB FabricateFAO Food and Agriculture Organisation of the United Na FAT Factory Acceptance TestFBE Fusion Bonded EpoxyFBE Flange Both EndsFBHP Flowing Bottom Hole PressureFCAW Flux Cored Arc WeldingFCC Field Control CoordinatorFCC Fluid Cat CrackerFCO Floor Clean OutFD Floor DrainFD Dynamic ForceFDM Frequency Division MultiplexingFDN FoundationFDS Fire Detection SystemFE Finite ElementsFEA Finite Element AnalysisFED STD Federal StandardFEED Front End Engineering DesignFEM Finite Elements ModellingFEP Perfluoro (Ethylene-Propylene) CopolymerFES Flywheel Energy StorageFF First FlushFF Foundation FieldbusFF Finished FloorFF Flat FaceF-F Face to FaceFFL Finished Floor LevelFFP First Flush PondFFS Fitness For ServiceFFW Field Fillet WeldFG Fuel GasFGH High Pressure Fuel GasFGL Finished Ground LevelFGL Low Pressure Fuel GasFGRS Flare Gas Recovery SystemFI Indicating Flow MeterFIG FigureFIN FinishFLE Flexible Large EndFLEX FlexibleFLG FlangeFLNG Floating Liquified Natural GasFLO Flushing OilFLP Floating Loading PlatformFM Factory MutualFM Frequency ModulationFMR Field Material RequisitionFMU Fitting Make UpFNPT Female National (Taper) Pipe ThreadsFO Fuel OilFOB Flat on BottomFOE Flange One EndFOF Face of FlangeFOT Fiber Optic TransmissionFOT Flat on TopFP Full PortFPE Fair Price EstimateFPS Floating Production SystemFPSO Floating Production Storage and Offloading FPU Floating Production UnitFR&P Form, Rebar and PourFRED Fire Release Explosion DispersionFRL Finished Road LevelFRP Fibreglass Reinforced PlasticFRP Fibre Reinforced PlasticFS Finished SurfaceFS Feasibility StudyFS Forged SteelFS Flow SwitchFS Factor of SafetyFSE Flange Small EndFSHR Free Standing Hybrid RiserFSO Floating Storage and OffloadingFT Foot, FeetFTG FittingFTSPM Fixed Tower Single Point MooringFV Full VacuumFW Fillet WeldFW Fire WaterFWHP Flowing Well Head PressureFWHT Flowing Well Head TemperatureFAA Federal Aviation AdministrationG GramGA General ArrangementGA GaugeGALV GalvanisedGASMO Gulf Arab Standards and Measurement Organization GBE Groove Both EndsGC Gas CromatographGE Groove EndGEA Geothermal Energy AssociationGESC General Engineering Services ContractGFRP Glass Fibre Reinforced PlasticGG Gart GasGHG Green House GasGI General InstructionGIM Global Interface MeetingGIP Gas Injection PlantGJ Ground JointGLE Groove Large EndGMAW Gas Metal Arc WeldingGMP Guaranteed Maximum PriceGO Gear OperatorGOE Groove One EndGOM Gulf of MexicoGOR Gas Oil RatioGOS Grade of ServiceGOSP Gas Oil Seperation PlantGPF General Planning Forecastgpm Gallons per MinuteGPS Global Positioning SystemGR GradeGRND Ground(ed)GRP Glass Reinforced PlasticGS Gravity SewerGSE Groove Small EndGSI Geological Strength IndexGSKT GasketGSPD General Service Plant Depreciation GSPR General Service Potential RiseGSS Gravity Sewer SystemGSV Gross Standard V olumeGTAW Gas Tungsten Arc WeldingGTE General Telephone and Electronics GT-MHR Gas Turbine Modular Helium Reactor GWR Guided Wave RadarH HorizontalH HydrogenH2S Hydrogen SulphideHAZ Heat Affected ZoneHAZID Hazard IdentificationHAZOP Hazard and Operability StudyHB Hose BibbHB Hardness Brinell ScaleHCL Hydrochloric AcidHCR Hybrid Catenary RiserHD HeadHD Heavy DensityHD Holding DownHDB Hydrostatic Design BasisHDPE High Density PolyethyleneHDR HeaderHE Heat ExchangerHEX HexagonalHF Hard FacedHF High FrequencyHI Hydraulic Institute StandardHIC Hydrogen Induced CrackingHIPS High Integrity Protection SystemHK Hardness Knoop ScaleHLT Heap Leach TrialHMI Human Machine InterfaceHO High OrderHO Hydraulic OilHOV Hydraulic Operated ValveHP High PressureHP High PointHPFS High Point Finished SurfaceHPG Hyperion Power GenerationHPP High Point PavingHPPT High Pressure Production TrapHPTT High Pressure Test TrapHPAAS High Pressure Air Assist SystemHR Human ResourcesHR15N Hardness Rockwell 15N ScaleHRB Hardness Rockwell B ScaleHRC Hardness Rockwell C ScaleHRSG Heat Recovery Steam GeneratorHSE Health Safety & EnvironmentHSFG High Strength Friction GripHSG Hydrogen Sulphide GasHT Heat TreatmentHU HumidifierHV High V oltageHV Hardness Vickers ScaleHV AC Heating Ventilation Air ConditioningHVL Highly Volatile LiquidHW Hand WheelHz HertzI&C Instrumentation and ControlsI/O Input/OutputIA Instrument AirIALA International Association of Lighthouse Authoritie IAMG International Association for Mathematical Geology IAPMO International Association of Plumbing and Mechani IASS Interantional Association for Shell and Spacial St IBBM Iron Body Bronze MountedIBC International Building CodeIBN Institute Beige de NormalisationIBPS Intermediate Booster Pump StationIC Intermediate Cross ConnectICD Interface Control DocumentICD Inflow Control DevicesICE Institution of Civil EngineersICEA Insulated Cable Engineers AssociationICPR Interantional Concrete Repair InstituteICV Inflow Control ValveID Inside DiameterID Inch DiameterIDA International Development AssociationIEC International Electrotechnical Commision IEEE Institute of Electrical and Electronics Engineers IF Inertial FilterIF Intermediate FrequencyIFB Issue for BidIFC International Fire CodeIFC Issued For ConstructionIFR Internal Floating RoofIGCC Integrated Gasification Combined CycleIL Invert LevelILD Instrument Loop DiagramILO International Labour OrganisationIM IntermodulationIMC International Mechanical CodeIMO International Maritime OraganizationIMS Information Management SystemIMTS Improved Mobile Telephone SystemIN InchINS InsulationINT. InternalINTIB Industrial and Technological Information Bank IP Interface PointIPC International Plumbing CodeIPPT Intermediate Pressure Production TrapIPS Intermediate Pump StationIPTI International Petroleum Technology Institute IR Industrial RelationsIR InfraredIREC Interstate Renewable Energy CouncilIRHD International Rubber HardnessIRIS International Reactor Innovative and Secure IRM Inspection, Repair and MaintenanceIRR Internal Rate of ReturnISA Instrument Society of AmericaISA International Society for Measurement and Control ISBL Inside Battery LimitsISD Instrument Segment DiagramISF Industrial Support FacilitiesISLT Indian Spring Low TideISNRS Inside Screw Non Rising StemISO Isometric DrawingISO International Standards OrganizationISO International System StandardISRS Inside Screw Rising StemISS Instrument Specificaton SheetISTRUCTE Institution of Structural EngineersIT Information TechnologyITB Invitation to BidITCS Impact Tested Carbon SteelITP Inspection and Test PlansITS Indirect Tensile StrengthIWA Individual Work AreaJDA Joint Development AgreementJE Joint EfficiencyJIS Japanese Standards AssociationJV Joint VentureKCS Killed Carbon SteelKG KilogramKO Knock OutKPA KilopascalsL LengthL/M List of MaterialsLAN Local Area NetworkLAT Lowest Astronomical TideLCC Life Cycle CostLCD Liquid Crystal DisplayLDF Lay Down in FieldLDPE Low Density PolyethyleneLED Light Emitting DiodeLEL Lower Explosive LimitLFCP Local Fire Control PanelLFGTE Landfill Gas To EnergyLFL Lower Flammable LimitLIBIS Leuvens Integraal Bibliotheek SystemLJ Lap JointLLP Last Landed PriceLMTD Log Mean Temperature DifferenceLNG Liquified Natural GasLO Lube OilLOB Limited Open BookLODMAT Lowest One Day Mean Atmospheric Temperature LP Low PressureLPCPD Litres Per Capita Per DayLPD Loss Prevention DepartmentLPDCPD Litres Per Dental Chair Per DayLPDT Low Pressure Degassing TankLPFS Low Point Finished SurfaceLPG Liquified Petroleum Gas (Propane and Butane) LPG Liquified Petroleum GasLPHPD Litres Per House Per DayLPP Low Point PavingLPPT Low Pressure Production TrapLPSMPD Litres Per Capita Square Meter DayLPT Liquid Penetrant TestLPT Low PointLR Long RadiusLRFD Load and Resistance Factor DesignLS LumpSumLS Lump SumLS Lifting StationLS/PM Lump-sum Procure/BuildLSPB Lumpsum, Procure, BuildLSTK Lumpsum TurnkeyLT Lead TimeLTE Long Tangent ElbowLUP Land Use PermitLV Low V oltageLVL LevelLWN Long Welding NeckM MeterM/E Mechanical/ElectricalmA MilliampereMACs Moves, adds, changesMAG Metal Active Gas WeldingMATICS Material Inventory Control System MAWP Maximum Allowable Working Pressure MAX MaximumMBCD Thousand barrels per Calender Day MBD Thousandd Barrels per DayMBOD Thousand barrels per Operating DayMC Main Cross ConnectMCC Mechanical Completion Certificate MCT Multi Cable TransitMD Measured DepthMDEA Methyl-di-ethynol amineMDMT Minimum Design Metal Temperature MDOF Multi Degree of FreedomME MethanolME Manufacturing EngineeringMEA Mono Ethanol AmineMESG Maximum Experimental Safe GapMF Meter FactorMFAP Membrane Filtration Affinity Purification MFCL Material Flow Control ListMFG ManufacturerMFS Maximum Flooding SurfacesMH Man HoleMHA Motor Head AssemblyMI Malleable IronMIC Minimum Ignition CurrentMICA Materials Investment Control Analyst MIG Metal Inert Gas WeldingMIN MinimumMISC MiscellaneousMJ Movement JointMJ Mechanical JointMMA Manual Metal Arc WeldingMMI Man Machine InterfaceMMS Minerals Management ServiceMMscfd Million standard cubic feet per day MNPT Male National (Taper) Pipe ThreadsMO MolybdenumMO Mist OilMOD Ministry of DefenceMODU Mobile Offshore Drilling UnitMOF Materials Offloading FacilityMOPU Mobile Offshore Production UnitsMOSAIC Materials on Order Status Analysis Information and MOT Ministry of TransportMOU Memorandom of UnderstandingMOU Mobile Offshore UnitMOV Motor Operated ValveMP Magnetic Particle TestingMPFM Multiphase Flow MeterMPMS Manual of Petroleum MeasurementMPP Manpower Projection PlanMPTA Mechanical Power Transmission AssociationMR Material RequisitionMRC Maximum Reservoir ContactMRF Manpower Requirements ForecastMRO Maintenance Repair OperationsMS Mild SteelMSC Maximum Sustained CapacityMSC Metering Supervisory ComputerMSD Material Selection DiagramMSDS Material Safety Data SheetMSE Material System EnhancementsMSIS Material Supply Information SystemsMSL Mean Sea LevelMSO Material Supply OrganisationMSS Manufacturers Standardization SocietyMT Magnetic Particle Testing (Exam)MTBE Methyl Tertiary Butyl EtherMTBF Mean Time Between FailuresMTL MaterialMTO Material Take OffMTR Material Test ReportMTS Material Teleprocessing SystemMW MegawattMW Groundwater Monitoring WellMW MicrowaveMWO Maintenance Work OrderMWP Major Work PhaseMxF Male by FemaleN NitrogenN/A Not ApplicableNACE National Association of Corrosion Engineers NBR Nitrile-Butadiene/Nitrile of BunaN Rubber NCCI Non Contradictory Complimentary Information NCR Non Conformance ReportNCU National Currency UnitNDE Non Destructive ExaminationNDE Net Direct ExpenditureNEC National Electrical CodeNEI Nuclear Energy InstituteNEMA National Electrical Manufacturers Association NESC National Electric Safety CodeNEXT Near End Cross TalkNFPA National Fire Protection AssociationNG Natural GasNG-BUE Non Gaussian Best Unbiased EstimateNGL Natural Gas LiquidsNGLC Natural Gas Liquids CentreNHA National Hydrogen AssociationNI NickelNIPP NippleNIR Near InfraredNMC Network Maintenance CentreNOABL National Wind Speed DatabaseNOC National Oil CompanyNOCC Networks Operations Control CentreNOCC Network Operations Control CentreNPL Neutral Pressure LevelNPS Nominal Pipe SizeNPSH Net Positive Suction HeadNPSHA Net Positive Suction Head AvailableNPSHR Net Positive Suction Head RequiredNPT National (Taper) Pipe ThreadNPV Net Present V alueNPVR Net Present V alue RatioNRC Nuclear Regulatory CommissionNRS Non-Rising SternNRTL Nationally Recognised Testing Laboratory NSF National Sanitation FoundationNSSS National Structural Steelwork SpecificationNTS Not to ScaleO&G Oil and GasO&R Overhaul and RepairOAT Operational Availability TestOBE Open Book EstimateOCIMF Oil Companies International Marine Forum OCMA Oil Companies Materials AssociationOD Outside DiameterOGOEAD Oil and Gas Operations Exploration Applications Di OH On Hand QuantityOHS Occupational Health and SafetyOIO Operational Investment OverheadOO On Order QuantityOPEC Organisation of the Petroleum Exporting Countries OPEX Operating ExpenditureORGANIGRAM Organisational DiagramORIF OrificeOS On StreamOS Oppurtunity StudyOS Oily SludgeOS&Y Outside Screw and YokeOSBL Outside Battery LimitsOSHA Occupational Safety and Health Administration OSI Onstream InspectionOSP Oil Supply Planning and SchedulingOT Orienting ToolOTK Oil TankOTM Overturning MomentsOW Oily WaterOWP Oily Waste-Water PondOWPU Oily Water Pre-seperator UnitOWS Oily Water SewerOWSJ Open Web Steel JoistP Oil and Oil ProductsP&IC Purchasing and Inventory ControlP&IDs Process and Instrument DiagramsP/E Planning EngineerP/E Project EngineerP/L Pipe LinePA Process AirPARA ParagraphPATIS Purchasing and Traffic Information System PAW Plasma Arc WeldingPB Process BlockPBE Plain Both EndsPBMR Pebble Bed Modular ReactorPCA Portland Cement AssociationPCB Printed Circuit BoardPCC Powder Control CentrePCCI Power Capital Costs IndexPCI Precast/Prestressed Concrete InstitutePCL Project Construction LeaderPCOS Project Completion SystemPCPT Piezocone PenetrometerPCS Project Completion SchedulePCS Process Control SystemPDC Peak Daily ConsumptionPDM Precedence Diagram MethodPDMS Petroleum Database Management System PDO Plan for Development and OperationPDP Plasma Display PanelPDR Preliminary Design ReviewPDS Plant Design SystemPE Pond EffluentPE Plain EndPE PolyethylenePELFEXT Power Sum Equal Level Far End Cross Talk PEM Project Execution ManualPEP Project Execution PlanPERT Program Evaluation and Review Techniques PES Power and Energy SocietyPES Potential Explosion SitePETROMIN Petroleum and MineralPF Peak FactorPFA Perfluoro (Alkoxyalkane) CopolymerPFC Parallel Flange ChannelPFC Predicted Final CostPFD Process Flow DiagramPFR Peak Flow RatePG Purge GasPGA Peak Ground AccelerationPHC Peak Hourly ConsumptionP-I Pressure ImpulsePIB Process Interface BuildingPIC Indicating Pressure ControllerPIP Process Industry PractisePIP Pipe in PipePIV Post Indicator ValvePL PlatePLC Power Line CarrierPLC Programmable Logic ControllerPLE Plain Large EndPM Project ManagerPM&C Project Management and Construction PMC Project Management ConsultantPMC Project Management ContractPMI Positive Material IdentificationPMS Project Management ServicesPMSC Project Management Services Contract PMSD Project Materials Supply Department PMSO Project Material Services Organisation PMT Project Management TeamPO Pump OutPO Purchase OrderPO Pushed OnPOC Potentially Oil/Chemical Contaminated POE Plain One EndPOM Pipeline Operations ModulePOOH Pulled Out of HolePOS Point of SupportPP Project ProposalPP PolypropylenePPB Parts per BillionPPI Plastics Pipe InstitutePPM Parts per MillionPR Purchase RequisitionPR Pressure ReducerPR Pipe RackPRE-FAT Pre-Factory Acceptance Test。
TPE-GP系列高频电路实验学习机 实验指导书(2013-10-23)
电源再接线)。
(2).接线后仔细检查,确认无误后接通电源。
2.静态测量
实验电路中选Re=1K
测量各静态工作点,计算并填表1.1
表1.1
实测
实测计算
根据VCE
判断V是否工作在放大区
原因
VB
VE
IC
VCE
是
否
*VB,VE是三极管的基极和发射极对地电压。
3.动态研究
(1).测放大器的动态范围Vi~V0(在谐振点)
附录一
附录二
实验一调谐放大器
一、实验目的
1.熟悉电子元器件和高频电路实验箱。
2.熟悉谐振回路的幅频特性分析--通频带与选择性。
3.熟悉信号源内阻及负载对谐振回路的影响,从而了解频带扩展。
4.熟悉和了解放大器的动态范围及其测试方法。
三、预习要求
1.复习谐振回路的工作原理。
2.了解谐振放大器的电压放大倍数、动态范围、通频带及选择性相互之间关系。
3.实验电路中,若电感量L=1μH,回路总电容C=220pf (分布电容包括在内),计算回路中心频率f。。
二、实验仪器设备
1.双踪示波器
2.扫频仪
3.高频信号发生器
4.毫伏表
5.万用表
6.实验板G1
四、实验内容及步骤
(一)单调谐回路谐振放大器。
1.实验电路见图1-1
(1).按图1-1所示连接电路
(注意接线前先测量+12V图1-1单调谐回路谐振放大器原理图
2.熟悉并分析图3所示的实验电路,了解电路特点。
三.电路特点及实验原理简介
1.电路特点
本电路的核心是谐振功率放大器,在此电路基础上,将音频调制信号加入集电极回路中,利用谐振功率放大电路的集电极调制特性,完成集电极调幅实验。当电路的输出负载为天线回路时,就可以完成无线电发射的任务。为了使电路稳定,易于调整,本电路设置了独立的载波振荡源。
华为中级认证路由题库
1.某公司为其一些远程小型站点预留了网段,每一个站点有10 个IP 设备接到网络,下面的哪个VLSM 掩码能够为该需求提供最小数量的主机数目?A./27B./28C./29D./302.网段,可以提供多少主机地址?A.15B.30C.32D.643.判断:CIDR 使用VLSM 技术,突破了传统IP 地址分类边界,采用CIDR 可以把路由表中的若干条路由汇聚为一条路由,减少了路由表的规模。
A.TrueB.False4.汇总地址包含哪些子网?5.下面哪个地址可以配置在主机设备上?6.C 类地址子网掩码为,则每个子网可用主机地址数是:A.8B.6C.47.一台主机的地址为,则该主机需要发送广播报文,该报文发往的目的地址应该为?8.有一个子网网段地址是,掩码是,则该网段允许的最大主机IP 地址是:9.判断:网络设计采用分层的结构,一般可分为:核心层、汇聚层、接入层三层A.TrueB.False10.在对网络地址进行子网划分时,能得到如下哪个合法化的VLSM 子网?11.判断:可以为设备配置IP 地址,掩码为。
A.TrueB.False12.路由器收到一个数据包,其目标地址为,该地址属于以下哪个子网?13.当前正在使用地址空间,想通过子网掩码来划分该地址空间分给WAN链路使用。
一共能够为该WAN 链路提供多少个子网?A.30B.254C.126D.6414.一个C 类网络至少需要划分成5 个子网,每个子网最多20 台主机,则适用的子网掩码是15.汇聚路由包含了多少C 类网络?B.2C.8D.1616.对于网段,能够分配给主机最大的IP 地址是哪个?17.对于网段,下面哪个地址可以分配给主机?18.下面关于VLSM 特征的描述,不正确的有(请选择2 个答案)A.它能够支持IPv4 和IPv6B.它提供了重叠的地址范围C.在路由表中它考虑到了更好的路由聚合信息D.它允许子网能够进一步被划分为更小的子网19.网段被分割成了8 个子网。
天津理工大学 计算机网络题库
PART Ⅰ: ChoiceB 1. Which of the following services does not the transport layer provide for the application layer?A.In-order delivery of data segments between processesB.Best effort delivery of data segments between communicating hostsC.Multiplexing and demultiplexing of transport layer segmentsD.Congestion controlA 2. What are the two of the most important protocols in the Internet?A. TCP and IPB. TCP and UDPC. TCP and SMTPD. ARP and DNSC 3. The Internet provides two services to its distributed applications: a connection oriented reliable service and a ( ).A. connection oriented unreliable serviceB. connectionless reliable serviceC. connectionless unreliable serviceD. In order data transport serviceD 4. Processes on two different end systems communicate with each other by exchanging ( ) across the computer network.A. packetsB. datagramC. framesD. messagesA 5. The job of delivering the data in a transport-layer segment to the correct socket is called ( ).A. demultiplexingB. multiplexingC. TDMD. FDMC 6. Two important reasons that the Internet is organized as a hierarchy of networks for the purposes of routing are:A.Least cost and maximum free circuit availabilityB.Message complexity and speed of convergenceC.Scale and administrative autonomyD.Link cost changes and link failureB 7. Which of characters is not distance-vector algorithm’s characters?()A. iterativeB. globalC. asynchronousD. distributedD 8. The length of IPV6 address is ()bits.A. 32B. 48C. 64D. 128C 9. The host component of a CIDR address of the form a.b.c.d/25 can contain addresses for:A.225 hosts (minus “special” hosts)B.512 hosts (minus “special” hosts)C.2(32-25) hosts (minus “special” hosts)D.25 hosts (minus “special” hosts)C 10. The primary function of the address resolution protocol (ARP) that resides in Internet hosts androuters is:A.To provide LAN router functionsB.To translate between LAN addresses and physical interface addressesC.To translate IP addresses to LAN addressesD.To calculate the shortest path between two nodes on a LANA 11. The POP3 protocol runs over ____ and uses port ____.A. TCP 110B. UDP 110C. UDP 25D. TCP 25D 12.When a destination host transport layer receives data from the network layer, it unambiguouslyidentifies the appropriate process to pass the data to by using a triplet consisting of:A. Source port #, destination IP address, and source IP addressB. Destination port #, source port #, process ID#C. Destination port #, source port #, destination IP addressD. Destination port #, source port #, source IP addressD 13. From the list below, select the items found in the TCP segment structure that are not found in theUDP segment structure:A. Application Generated DataB. Destination Port #C. Source Port #D. Sequence #A 14. The RIP routing protocol is based on an algorithm that is:A. Based on information received only from link “neighbors”B. A link state algorithmC. An OSPF algorithmD. A centralized routing algorithmB 15. With an exterior routing protocol, which of the following issues generally dominates the routing decisions?A. Geographical distance between AS’sB. PolicyC. Number of AS’s traversedD. Current congestion levels in the AS’sA 1. End system are connected together by ____.A. communication linksB. application layerC. transport layerD. the network layerC 2. Which application’s NOT using TCP?A. SMTPB. HTTPC. DNSD. All of themB 3. In the polling protocols, the master node polls each of the nodes in a/an ____ fashion.A. randomB. appointedC. round-robinD. uncirculatedC 4. The DNS protocol runs over ____ and uses port ____.A. UDP 36B. TCP 36C. UDP 53D. TCP 53A 5. TCP provides a ____ service to its applications to eliminate the possibility of the sender over-flowingthe receiver’s buffer.A. flow-controlB. congestion controlC. reliability controlD. data connectionD 6. We can classify just about any multiple access protocol as belonging to one of three categories: channel partitioning protocols, random access protocols, and ____.A. address resolution protocolsB. Dynamic host configuration protocolsC. link-control protocolsD. taking-turns protocolsB 8. The maximum transfer unit(MTU) in Ethernet frame structure is ()byte .A. 1000B. 1500C. 800D. 2000B 9. The socket of UDP is identified by _____ and _______.A. source IP address and source port numberB. destination IP address and destination port number.C. source IP address and destination port number.D. destination IP address and source IP address.C 10. Which is not plug and play in the following four items?A. DHCPB. HubsC. RoutersD. SwitchesD 11.Which of routers is not default routers ?A. first-hop routerB. source routerC. destination routerD. second-hop routerB 13. ICMP is_____.A. the protocol of Application layerB. the protocol of network layerC. the protocol of transport layerD. not a part of TCP/IP protocolsB 14. As general, we has following channel partitioning protocols except ____.A. TDMB. CSMAC. FDMD.CDMAD 15. ____ is most used for error reporting.A. UDPB. SMTPC. FTPD. ICMPB 16. The header of IPV6 is ____byte.A. 20B. 40C. 60D. 80B 17. In the network layer these service are host-to-host service provided by ____. (B)A. the transport layer to the network layerB. the network layer to the transport layerC. the network layer to the network layerD. the transport layer to the transport layerA 18. If there is not enough memory to buffer an incoming packet , a policy that drop the arriving packet called ____.A. drop-tailB. packet lossC. protocolD. encapsulationC 19. In either case, a ____ receives routing protocol messages, which are used to configure its forwarding table.A. serverB. hostC. routerD. ModemD 20. Which of the following functions does not belong to PPP___.A. framingB. link-control protocolsC. network-control protocolsD. error correctionB 1. Which of the following services does the Internet network layer provide for the Internet transport layer?A.In-order delivery of data segments between processesB.Best effort delivery of data segments between communicating hostsC.Multiplexing and demultiplexing of transport layer segmentsD.Congestion controlD 2. The main task of the Internet’s Domain Name System (DNS) is to:A.Translate port numbers to IP addressesB.Specify the standards for Internet domain namesC.Provide an authority for registering domain namesD.Translate mnemonic(记忆的)names to IP addressesA 10. The FTP protocol runs over ____ and uses port ____.A. TCP 21B. TCP 80C. UDP 20D. TCP 110C 3.RDT3.0’s receiver FSM is same to:a) RDT1.0 b) RDT2.1 c) RDT2.2 d) RDT2.0B 4.The Transmission Control Protocol (TCP) provides which of the following services?a)End-to-end station addressingb)Application multiplexingc)Inter network routingd)Medium access control (MAC)D 6.Given that the requested information is not available at any intermediate databases, a non-iterated DNS query from a requesting host would follow the path:a)Root name server, local name server, authoritative name serverb)Authoritative name server, root name server, host name serverc)Local name server, root name server, local name server, authoritative name servere)Local name server, root name server, authoritative name serverA 8.lect the four essential steps, briefly described, for terminating a TCP connection between a client and a server, assuming that the initiating host is the client:(1)Client sends TCP segment with ACK0 and final sequence number(2)Client sends TCP segment with FIN =1 and goes into FIN_WAIT state(3)Server sends TCP segment to ACK the client’s FIN request and enters CLOSE_WAIT state(4)Server sends TCP segment with FIN=0(5)Server sends TCP segment with FIN=1(6)Client sends TCP segment with to ACK server’s FIN and enters second FIN_WAIT state(7)Client sends TCP segment with FIN=0a) 2,3,5,6 b) 5,1,2,3 c) 1,3,5,7 d) 2,3,4,6B 10.When compensating for link cost changes in the distance vector algorithm, it can generally be said that:a)Increased costs are propagated quickly, i.e., “bad news” travels fastb)Decreased costs are propagated rapidly, i.e., “good news” travels fastc)Decreased costs do not converged)None of the aboveB 14.As an IP datagram travels from its source to its destination:a)the source IP address is changed at each router to identify the sending routerb)the router uses the destination IP address to consult its routing tablec)the router does not use the IP addresses in the datagramd)the destination IP address is changed at each router to reflect the next hopC 15.From the list below, choose the bit pattern which could be a valid generator value for the CRC code (R) 11010:a)1110b)011010c)100101d)10011A 16.Consider sending a 1300 byte IPv4 datagram into a link that has an MTU of 500 bytes:a)Three fragments are created.b)Four fragments are created.c)Three fragments are created with offsets 0, 500 1000d)The last fragment consists of exactly 300 bytes of data from the original datagramC 17.Suppose one IPv6 router wants to send a datagram to another IPv6 router, but the two are connected together via an intervening IPv4 router. If the two routers use tunneling, then:a)The sending IPv6 router creates an IPv4 datagram and puts it in the data field of an IPv6datagram.b)The sending IPv6 router creates one or more IPv6 fragments, none of which is larger than themaximum size of an IPv4 datagram.c)The sending IPv6 router creates an IPv6 datagram and puts it in the data field of an IPv4datagram.d)The sending IPv6 router creates an IPv6 datagram and intervening IPv4 router will reject theIPv6 datagramD 18.Which of the following was an important consideration in the design of IPv6a)fixed length 40-byte header and specified options to decrease processing time at IPv6 nodesb)128-bit addresses to extend the address spacec)different types of service (flows) definedd)all of the aboveD 19.A network bridge table is used to perform the following:a)Mapping MAC addresses to bridge port numbersb)Forwarding frames directly to outbound ports for MAC addresses it handlesc)Filtering (discarding) frames that are not destined for MAC addresses it handlesd)All of the abovePART Ⅱ: True / False (1 points per question – total:20 points)1. The DNS server can update the records. (T)2. The TCP connection is a direct virtual pipe between the client’s socket and the server’s connection socket. (T)3. SMTP protocol connect the sender’s mail server and receiver’s mail server (T)4. Whereas a transport-layer protocol provides logical communication between processes running on different hosts, a network-layer protocol provides logical communication between hosts. (T)5. UDP and TCP also provide integrity checking by including right-detection fields in their headers. (F)6. If the application developer chooses UDP instead of TCP, then the application is not directly talking with IP. ( F )7. When we develop a new application, we must assign the application a port number. ( T )8. Real-tine applications, like Internet phone and video conferencing, react very poorly to TCP’s congestion control. ( T )9. The sender knows that a received ACK or NAK packet was generated in response to its most recently transmitted data packet. (T)10. To simplify terminology, when in an Internet context, we refer to the 4-PDU as a unit. (F)11. DV algorithm is essentially the only routing algorithm used in practice today in the Internet。
Arista MultiAccess产品简介说明书
MultiAccessLow latency, multi-user connection sharing in 53 nsMultiAccess is a network application that combines low-latency packet multiplexing with the ability to segregate traffic between individual clients, or groups of clients, via configurable filters.Arista MultiAccess enables the creation of a shared, low-latency infrastructure ideal for managed service providers or brokers providing direct access to clients .The MultiAccess application optimizes the paths for many-to-one environments where it is critical that clients maintain segregation of traffic between eachendpoint. These paths are further enhanced to allow the processing to occur at the fraction of the latency of a Layer 2/3 switch.Filtering is accomplished via configurable access control lists (ACL). Packets may be streamed through the filter using an aggressive cut-through technique, allowing for a very low latency of <100 ns. The filter logic determines whether the packet should be permitted or denied and, if the latter, the packet transmission is aborted.Optimized for• Arista 7130L and LB devices<53ns from client to serverDeterministicPacket FilteringAggregation* based on lowest latency configurationLatency TablesLow Latency ModesLow latency modes are highly optimised for low latency. Features that increase the latency are disabled in these modes,including VLAN support, ingress filtering, and large ACL scale:Table 1.1 Client to Server path – Low Latency modesServer to Client latency in Low Latency modes is similar to regular MultiAccess modes, however only ACLs up to 8 rulesdeep are supported:Table 1.2 Server to Client path modes Latency for the Server to Client return path for modes supporting larger ACLs on the return path. Using 7130-LB with 10G client and 10G server port configuration asa representative sample:Table 1.4 Server to Client return path modes – larger ACLsFull Featured ModesLatency for the Client to Server path for modes supporting VLANs, ingress filtering, and larger ACLs on the return path. Using 7130-LB with 10G client and 10Gserver port configuration as a representative sample:Table 1.3 Client to Server path modes – larger ACLsArista MultiAccess for Managed Service Providers & BrokersLower-latency Exchange AccessManaged Service Providers and Brokers offer their clients access to financial exchanges and can use MultiAccess to provide significantly lower latency than typical network switches.Arista MultiAccess allows these firms to share the connection to the exchange with more than one client, while maintaining isolation between the clients. MultiAccess hence provides an ideal solution combining multiplexing (aggregation) functionality with a high-performance return path; filtering the return-path individually per client. The latter benefit from significantly lower latency in their trading connectivity as well as smaller variation in that latency.Arista MultiAccess implements a number of features which enhance this use case, for example implementing ACL filters on ingress before multiplexing, and storm control, which can avoid specific clients using an unfair amount of the network capacity.Figure 1.4 Low latency exchange accessSanta Clara—Corporate Headquarters 5453 Great America Parkway,Santa Clara, CA 95054Phone: +1-408-547-5500Fax: +1-408-538-8920Email:***************Ireland—International Headquarters3130 Atlantic AvenueWestpark Business CampusShannon, Co. ClareIrelandVancouver—R&D Office9200 Glenlyon Pkwy, Unit 300Burnaby, British ColumbiaCanada V5J 5J8San Francisco—R&D and Sales Office 1390Market Street, Suite 800San Francisco, CA 94102India—R&D OfficeGlobal Tech Park, Tower A & B, 11th FloorMarathahalli Outer Ring RoadDevarabeesanahalli Village, Varthur HobliBangalore, India 560103Singapore—APAC Administrative Office9 Temasek Boulevard#29-01, Suntec Tower TwoSingapore 038989Nashua—R&D Office10 Tara BoulevardNashua, NH 03062Copyright © 2020 Arista Networks, Inc. All rights reserved. CloudVision, and EOS are registered trademarks and Arista Networks is a trademark of Arista Networks, Inc. All other company names are trademarks of their respective holders. Information in this document is subject to change without notice. Certain features may not yet be available. Arista Networks, Inc. assumes no responsibility for any errors that may appear in this document. 09/20WAN Link MultiplexingArista MultiAccess can be used to aggregate several sources of network traffic into a WAN link and, optionally, de-multiplex from a WAN link. Often these links can be bandwidth limited (e.g. 1 GbE) with MultiAccess being able to provide a low-latency translation to and from the bandwidth-limited link. The layer 1 functionality in the Arista 7130 can be used to tap those links.To reduce the traffic volume transmitted, Arista MultiAccess can filter market data down a single, bandwidth-limited (1GbE) line. VLAN tagging and stripping can be used to multiplex multiple independent layer 2 links into a single VLAN trunk to be transmitted and then de-multiplexed. The link partner may be a traditional VLAN-aware switch, or another instance of MultiAccess.Figure 1.5 WAN Link Multiplexing。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
PeerAccess:A Logic for Distributed AuthorizationMarianne Winslett University of Illinois atUrbana-Champaign Urbana,IL61801,USA winslett@Charles C.ZhangUniversity of Illinois atUrbana-ChampaignUrbana,IL61801,USAcczhang@Piero A.BonattiUniversit`a di NapoliFEDERICO IINapoli,Italybonatti@na.infn.itABSTRACTThis paper introduces the PeerAccess framework for reasoning about authorization in open distributed systems,and shows how a param-eterization of the framework can be used to reason about access to computational resources in a grid environment.The PeerAc-cess framework supports a declarative description of the behavior of peers that selectively push and/or pull information from certain other peers.PeerAccess local knowledge bases encode the basic knowledge of each peer(e.g.,Alice’s group memberships),its poli-cies governing the release of each possible piece of information to other peers,and information that guides and limits its search pro-cess when trying to obtain particular pieces of information from other peers.PeerAccess proofs of authorization are verifiable and nonrepudiable,and their construction relies only on the local infor-mation possessed by peers and their parameterized behavior with respect to query answering,information push/pull,and informa-tion release policies(i.e.,no omniscient viewpoint is required).We present the PeerAccess language and peer knowledge base struc-ture,the associated formal semantics and proof theory,and exam-ples of the use of PeerAccess in constructing proofs of authoriza-tion to access computational resources.Categories and Subject DescriptorsK.6.5[Management of Computing and Information Systems]: Security and Protection;D.4.6[Operating Systems]:Security and Protection-Access ControlGeneral TermsSecurity,Languages,TheoryKeywordsP2P systems,distributed authorization,logical signature,sticky poli-cies,release policies,proof hints1.INTRODUCTION AND RELATED WORK Authorization approaches for distributed systems where resources are accessed across organizational boundaries have become a topic Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on thefirst page.To copy otherwise,to republish,to post on servers or to redistribute to lists,requires prior specific permission and/or a fee.CCS’05,November7–11,2005,Alexandria,Virginia,USA.Copyright2005ACM1-59593-226-7/05/0011...$5.00.of industrial and research interest in recent years,with reputation systems and trust negotiation emerging as two particularly interest-ing research directions([3,5,6,9,11,12,13,16,17,20,22,23,24, 25],to mention just a few).In attempting to build and deploy an au-thorization system based on trust negotiation for a particular open system(shared access to high-performance computing resources), we found that the theory developed for authorization in open sys-tems did not include all the features that we needed to reason about the runtime behavior of the system,or to account for all the actions that parties in the system needed to take at run time.The need was particularly acute in the area of reasoning about helpful third par-ties at run time,such as information brokers,credential and policy repositories,and third-party authorization services.A peer Alice may need to contact several such parties as she attempts to con-struct a proof that she is authorized to use a particular service,and she needs a principled way to determine who to contact,what to ask for,what kind of answers to expect,and when to give up.She needs a way to explain who she is and why she is asking for help,as her intended purpose may determine whether a third party is willing to help her,or may influence the answer that it gives her.Alice also needs a way to set limits on what can be done with the personal in-formation that she gives out,and to determine what she is allowed to do with the information that others give to her.She also needs to be able tofilter out incoming information and queries that are of no interest to her(e.g.,spam and porn).She needs to be able to interact successfully with parties that push information to her,and with parties that she must query to get information.Other researchers have examined many of the separate aspects of this problem.For example,[2]studies the problem of creating distributed proofs under an information pull paradigm,when all peers cooperate to the maximum extent possible.The authors of [18]study the problem offinding needed credentials at run time, and propose a solution based on credential typing(e.g.,query the issuer tofind a certain kind of credential).Other papers[1,10] present a runtime system for constructing distributed proofs of au-thorization,given authoritative information on where to go tofind needed credentials.In a similar way,in[3,4,13,14]policies en-code information about where to go tofind certain needed facts. These and the other works cited above study useful pieces of the picture,but we found that the separate pieces often did notfit to-gether to form a solution to our real-world situation.For example, real-world peers do not exhaustively try to answer all queries they receive,as in[2].A peer may behave quite differently depend-ing on who is asking for help and why they are asking for help. We wanted a way to talk about sticky policies[15](release poli-cies that are permanently attached to the information they protect), but also wanted to be able to describe non-sticky policies within the same open system.In[1],credentials have sticky release poli-cies,and those policies are propagated to all conclusions derived using those credentials.This interesting approach will be too re-strictive for many situations,and it is embedded into the syntax of the language,making it hard to change.A type-based credential discovery system,as in[18],is notflexible enough to model the evolving behavior of credential and authorization servers in compu-tational grids,where there is often no visible relationship between the party whose signature Alice wishes to have on a fact and the party Alice must go to to obtain that signature.In[3,4,10,13], information on where to obtain each credential is expressed by la-beling each credential occurrence in a policy with exactly one peer. Credential location hints are affixed inside the policy and must be replicated in each rule,although the strategy forfinding a creden-tial often depends on the credential class and not on the rule where the credential is referred to—a kind of replication that may intro-duce errors.In general,decoupling access control policies from negotiation-related decisions such as credential fetching strategies, release policies,etc.,seems a good policy engineering principle, and a step towards declarative negotiation control.Close to our work,[21]proposes a logic based formulation that supports dele-gatable authorizations;[7]adopts a metapolicy-based approach as in our paper.However,neither of them considers such features as sticky policies,credential discovery,or exposure issues.We know of no preexisting approach that allows one to reason about the runtime behavior of a very diverse set of peers,some of whom push information,some pull information,and some mix the two paradigms.Further,preexisting work did not consider potential in-teractions between various features(e.g.,sticky policies on hints about where to go to obtain information about sticky policies).In this paper,we propose the PeerAccess framework,which pro-vides an infrastructure and language to model and reason about dis-tributed authorization in open systems.As the framework is broad and generic,we only present an instantiation of it that is suitable for use in reasoning about access to a grid of computational re-sources.We introduce the architecture and describe the language in section2,then present PeerAccess knowledge bases in section 3,release policies in section4,semantics andfixpoint characteriza-tion in section5,proof theory in section6,proof hints and queries in section7,andfinally conclude in section8.2.FRAMEWORK AND LANGUAGEThe PeerAccess framework supports a possibly infinite set of peers,each with its own separate knowledge base(KB)of policy-related information(figure1).Peers communicate with one an-other by pushing information in messages,or by pulling informa-tion through queries.The high-level behavior of each peer(i.e., what information it pushes and to whom,whose queries it tries to answer,how hard it tries to answer them,and the kinds of answers it gives)is determined by declarative event-condition-action rules for that peer.The lower-level behavior of each peer is determined by the contents of its KB,which include its own local knowledge and information that it has received from others.Its KB includes tight controls on what information it can send out or receive in messages, and hints regarding what peers to contact for help if it is trying to prove certain types of conclusions.At a high level,the language for KBs and messages can be thought of as logic programs with an open-world semantics,plus two modal operators related to the says operator of BAN logic[8](to provide nonrepudiation for mes-sage contents and justification of proof results),plus a sprinkling of second-order constructs to allow declarative specification of infor-mation release policies and hints about how to construct proofs(but without introducing high runtime complexity).The PeerAccess policy language consists of a modal language—called the base language—and a modal metalanguage,each with a separate countable pool of variables.Roughly speaking,the baselanguage specifies basic access control policies and related rules;the metalanguage specifies metapolicies that determine the dynamicbehavior of the system.The base policy language is based on standard Datalog atoms,built from a countably infinite supply of constants(to model open domains).A distinguished subset of the constants,N,contains allpossible peer names.The set of predicates is application depen-dent.We italicize variable names,to distinguish them from con-stants,functions,and predicate names.At the base level,modalatoms,called facts,are expressions of the form“P signsα”or“P lsignsα”,where P∈N andαis a Datalog atom.A rule is an expression f0←f1∧···∧f n,where each f i is a fact and n≥0.Facts are special cases of rules,where n=0.If f0isof the form“P signsα”,then the rule or fact is directly signed byP;otherwise,f0has the form“P lsignsα”and the rule or fact islogically signed by P.(We will omit the signatures on equality andinequality atoms,since all peers agree on the truth of such atoms.) In the metalanguage,the set of terms includes the metavariablesplus a distinct function name¯s for each symbol s of the two lan-guages(variables,constants,and logical connectives),satisfying ¯s=¯s.In this way,each base or metaexpression e can be repre-sented by a metaterm¯e built with the naming functions.To enhancereadability,we shall simply write¯e as e;the context will always make clear whether e is playing the role of a term or a rule.The(nonmodal)atoms of the metalanguage are built in the usual wayfrom metaterms and metapredicates.Facts are defined as above,i.e.,as modal metalanguage atoms.Rules have the same formas above;their bodies may contain both base facts and metafacts, while the head f0must belong to the metalanguage.Variable in-stantiations must map each variable to a term of the same level,so that every instance of a well-formed expression is well-formed,too. Each peer has a separate knowledge base(figure1)of facts, rules,and received messages.Each KB contains the followingfi-nite sets of formulas,each described in detail in a later section:1.Its base policies,which are rules over the base language.2.All messages it ever received from other peers.Each mes-sage is afinite set of rules.(In this paper,we will not makeuse of the set of messages sent by a peer.)3.Its release policies,containing rules about release predicates.4.Its hints forfinding proofs,containing rules about the‘find’metapredicate.5.Its exposure policies,which act as afirewall to restrict in-coming and outgoing information.To conserve space,wewill not discuss exposure policies in this paper.D EFINITION1(KB).A PeerAccess global KB P contains one local KB for each peer:P={(j,P j)|j∈N}where P j is peer j’s local KB,i.e.,the set of all messages it has received and its base,release,and proof hint policies;and N is the set of all peer names in the language.We will omit“global”and“local”when referring to a KB,when the context is clear.Figure1:PeerAccess architecture and KB structure.Unidirectional arrows indicate information pushed from one peer to another. Bidirectional arrows indicate queries and responses.3.BASE POLICIESIntuitively,the directly signed fact“Alice signsα”in Bob’s KB means that Alice has asserted in a non-repudiable manner thatαholds at Alice—e.g.,Alice has digitally signedαand sent out a message whose contents have eventually made their way to Bob. The logically signed fact“Alice lsignsα”in Bob’s KB means that Bob has nonrepudiable evidence that leads to the conclusion that Alice would be willing to digitally signα,if shown this evidence. The meaning of directly and logically signed rules is similar:Alice sends her directly signed rule to Bob to convince him that the logi-cally signed counterpart of the rule(created by replacing“signs”by “lsigns”in the rule head)is true at Alice.We assume that whenever Alice wants to send a message to Bob,she succeeds in sending the message,Bob receives it successfully,and Bob is able to verify that its contents have not been tampered with and were actually signed by their reputed signers.We present the formal semantics for signs and lsigns in Section 5;for the moment,it suffices to explain the three major character-istics of signs and lsigns that must hold in every KB interpretation at every peer:1.If a directly signed rule is true at a peer Alice,then its logi-cally signed counterpart is also true at Alice.2.If facts f1through f n and the logically signed rule f←f1∧···∧fn are all true at a peer Alice,then f is also true at Alice.3.If a rule logically signed by Alice is true at Alice,then so isits directly signed counterpart.Before any peer has sent out any message,we require that each local KB contain only self-signed statements.This ensures that if Alice’s KB eventually contains a fact directly signed by Bob,then Bob’s KB does also.Our running example models the behavior of the Community Authorization Service(CAS)[19]under several different possi-ble trust assumptions.CAS is a third-party authorization service that simplifies the task of making a resource available on a high-performance computing grid,by offloading authorization reason-ing from the resource manager to CAS.For example,consider the shake table,an earthquake simulation device that is managed by Bob,under the following possible scenarios.1Example1a.In this example,Bob owns and brokers all access to the shake table,and makes and directly signs his own authoriza-tion decisions.In particular,Alice will be able to access the shake table if“Bob signs auth(shaketable,Alice)”is true at Bob.Bob may store a list of authorized users/groups internally,or he may delegate his reasoning to CAS as follows:Bob:Bob lsigns auth(shaketable,X)←CAS signs auth(shaketable,X) Bob’s base policy says that he will give Alice access if he has a statement directly signed by CAS,saying that Alice is authorized. If Bob’s KB interpretation satisfies“Bob lsigns auth(shaketable, Alice)”,then it also satisfies“Bob signs auth(shaketable,Alice)”. Example2a.Let us change Bob’s KB by one letter:Bob:Bob lsigns auth(shaketable,X)←CAS lsigns auth(shaketable,X) Now Bob wants a logical signature on CAS’s proof of authoriza-tion,rather than requiring a direct signature from CAS.In otherwords,Bob is now asking for a proof that would convince CAS that Alice is authorized to access the shake table.The pieces of the proof need not come directly from CAS.For example,for greater protection against attack,CAS could pre-sign its authorization-related rules and facts off line,and push them to a repository CAS-DB that does not have access to CAS’s private keys.Then CAS-DB’s base policies and received messages can be as follows:CAS-DB:CAS signs auth(shaketable,X)←CAS signs authgroup(shaketable,G)∧CAS signs member(G,X) CAS signs authgroup(shaketable,earthquake)CAS signs member(earthquake,Alice)To convince Bob that Alice can access the shake table,it sufficesto send Bob a message containing CAS-DB’s rule and facts.Once Bob receives this message and incorporates its contents into his KB,the three principles outlined earlier guarantee that CAS lsigns auth(shaketable,Alice)is true at Bob.Example3a.If the body of CAS-DB’s rule uses‘lsigns’insteadof‘signs’,then we have the possibility that the proof of group mem-bership is defined by other rules:CAS-DB:CAS signs auth(shaketable,X)←CAS lsigns authgroup(shaketable,G)∧CAS lsigns member(G,X) CAS signs member(G,X)←O lsigns member(G,X)∧CAS lsigns owner(G,O)CAS signs authgroup(R,G)←O lsigns authgroup(R,G)∧CAS lsigns owner(R,O)Here CAS is not responsible for maintaining the lists of current group members or authorized groups.Instead this task is delegatedto the owners of each group and resource.The group owners may have cached their signed group membership lists at CAS-DB,or may provide them on demand to CAS-DB or to the group members,as discussed later.4.RELEASE POLICIESIn PeerAccess,peers exchange information by sending messagesto one another.Every fact and rule that a peer Alice sends out ina message must be true at Alice and must also be releasable.A release policy signed by peer P gives the conditions under whichP thinks that it is permissible for a fact or ruleφto be sent in a message from peer S to peer R.In this paper,we will consider release policies over the srelease(sticky-release)predicate,which take the following form,and its logically signed counterpart:P signs srelease(φ,S,R)←f1∧···∧f n,where P,S,and R are peer names or variables;φis a term over the release policy language(e.g.,a base rule or a proof hint(de-fined later));and f1through f n are facts,with n≥0.Intuitively, srelease semantics stipulate that a peer Alice can send peer Carla a fact or ruleφdirectly signed by Bob if(1)φis true at Alice,and(2)“Bob lsigns srelease(φ,Alice,Carla)”,“Carla=Alice”,or“Carla=Bob”is true at Alice.In other words,Alice can only send outa formula signed by Bob if she is sending it to herself or to Bob,or she can prove that Bob thinks that it is okay for her to send the message out.Further,Alice can only send out facts and rules that she believes to be true.The srelease policies are sticky:the signer of a particular pieceof information retains control over its future dissemination to other peers.(Of course,a malicious peer can choose to violate the con-ditions in a sticky policy,if it is not afraid of the potential legal and social ramifications of doing so.)Sticky policies are desir-able and even legally mandated in many situations,but other sit-uations may require a graceful approach to declassification of in-formation,or even stronger control over the use of released infor-mation(e.g.,control over the dissemination of conclusions reached by using that information).In the PeerAccess framework,addi-tional release predicates can be defined tofit the needs of a par-ticular set of peers,including limited forms of declassification and the ability to spread rumors(lsigned and unsigned formulas)and lies(formulas not true locally).For example,a direct but unsigned communication“auth(Alice,shaketable)”from CAS might con-vince Bob that“CAS lsigns auth(Alice,shaketable)”is true,but CAS could repudiate such a statement,and Bob would be unable to use CAS’s message to convince a third party that“CAS lsigns auth(Alice,shaketable)”is true.While these variations are inter-esting in their own right,in this paper we confine our attention to the release of directly signed rules.The three principles given earlier regarding the meaning of sig-natures on base facts and rules also apply directly to release facts and rules.We also have two additional principles to govern the re-lease of srelease policies.In general,release policies may contain sensitive information and should not be indiscriminately released. We do not allow the user to define explicit KB policies governing the releasability of srelease policies,because srelease is intended to be so simple to use that peers will never have to define such poli-cies.Instead,the releasability of srelease formulas is defined by two principles,which will be formalized later on.Oversimplifying slightly,thefirst principle allows Alice to send Carla an srelease ruleφthat is directly signed by Bob ifφis true at Alice andφ’s head is of the form“Bob signs srelease(α,Carla,-)”,whereαis di-rectly signed by Bob.The intuition is that if Bob authorizes Carla to disseminate a piece of information,Bob should allow Carla tofind out that she is authorized to disseminate the information.A second principle helps with longer dissemination chains:David can send φto Alice ifφis true at David,φ’s head has the form given above, and David knows that Alice can sendφto Carla.When a peer Alice receives a message,she checks to see whether her exposure policies(not discussed in this paper)allow her to re-ceive each rule in the message.She adds each receivable directly signed rule to her set of received messages S Alice,and she adds the logically signed counterpart of that rule to the appropriate section of her knowledge base.Let us revisit examples1-3to see the effect of release policies. Example1b.(Bob makes and signs his own authorization deci-sions for the resource he owns.)For Bob to be able to tell Alice that she is authorized,Bob can use rules of the form:Bob:Bob lsigns srelease(Bob signs auth(X,Y),Bob,Y)Bob lsigns srelease(Bob signs auth(X,Y),Y,X)Bob’sfirst release fact says that he will release an authorization decision to the principal who is authorized by that decision.This allows Bob to tell Alice that she is authorized to access the shake table.However,this may not be enough for Alice to be able to use that authorization,e.g.,if she has to present that authorization to the shake table herself.To do so,Alice must know that Bob says that it is okay for her to release his authorization decision to the shake table.Bob’s second release fact accomplishes this goal.By the principles given above,Bob can send a directly signed version of his second release fact to Alice.If he sends her his authorizationdecision and the release policy,her KB will contain:Alice:Bob signs auth(shaketable,Alice)Bob signs srelease(Bob signs auth(X,Y),Y,X)At this point,Alice can access the shake table by sending it“Bob signs auth(shaketable,Alice)”,because that formula is satisfied in her interpretation and“Bob lsigns release(auth(shaketable,Alice), Alice,shaketable)”is also.While Bob’s proposed release rules are a good start,they are in-sufficient for use on the computational grids that CAS is designed for.The problem is that on those grids,Alice delegates her author-ity to a subjob,which in turn delegates its authority to a subjob,and so on,until eventually a subjob accesses the shake table.The rules given above only allow Alice to give her decision directly to one party,who cannot release it further.To allow Alice to release the authorization to someone who could in turn release it again,Bob can add the following rule to his release policies:Bob lsigns srelease(Bob signs auth(X,Y),Z,W)←Z=Bob The principles outlined earlier imply that Bob can release this new release policy to anyone.If the policy is too generous for Bob’s tastes,he could add restrictions on the recipient W to the body of the rule,e.g.,W must be a member of NeesGrid,a friend of Bob, a proxy of Alice,etc.He could even require that he himself certify the property in question,e.g.,Bob lsigns member(NeesGrid,W). Any such restrictions in the policy will also limit the set of peers that Bob can disclose the policy to.One weakness of this version of Bob’s release policies is that he does not allow Alice to impose her own additional controls on who is allowed to see“Bob signs auth(shaketable,Alice)”.If the shake table were a sensitive resource,Alice might not want her authorization to be released to just anyone.Tofix this problem, Bob can replace his third release policy by the following:Bob:Bob lsigns srelease(Bob signs auth(X,Y),Z,W)←Z=Bob∧Y lsigns condRelease(Bob signs auth(X,Y),Z,W) Here Bob’s original srelease condition,Z=Bob,has been aug-mented with a second condition that says that the authorized prin-cipal(e.g.,Alice)must also agree that Bob’s statement can be re-leased from peer Z to peer W.With this additional restriction,“Bob signs auth(shaketable,Alice)”can only be sent to additional peers when both Bob and Alice agree that it can be sent.Even this new version of Bob’s release policies might not satisfy Alice,who might wish to unilaterally impose additional release constraints of her own on the information from Bob that passes through her hands.For example,if Bob is a child and Alice is his mother,Bob might be willing to pass his own information on to anyone.To protect her family’s privacy,however,Alice may wish to limit the further disclosure of Bob’s information,at least in the case where that information has passed through her hands.Peers can impose such controls if we employ a release predicate with more restrictive semantics than srelease.Let us now loosen the restriction that Bob makes his own autho-rization decisions,and have Bob delegate part of that task to CAS. To accomplish this,we add two additional rules to Bob’s KB: Bob:Bob lsigns auth(shaketable,X)←CAS signs auth(shaketable,X) Bob lsigns srelease(Bob signs auth(shaketable,X)←CAS signs auth(shaketable,X),Z,W)Bob publicly declares that he relies on CAS for his authorization decisions.Hisfirst release policy allows him to send his rule to Alice when she wants to access the shake table.When Alice ob-tains releasable evidence from CAS that she is authorized to access the shake table(i.e,“CAS signs auth(shaketable,Alice)”,along with“CAS signs srelease(CAS signs auth(R,X),Y,Z)”),she can present the fact“CAS signs auth(shaketable,Alice)”to Bob along with his delegation rule.(She can present the rule to him because he signed it.So,she can send the rule back to Bob even though he does not send her a copy of his release policy for the rule.)CAS’s fact and Bob’s rule together imply that Bob lsigns auth(shaketable, Alice),so Bob should be convinced that Alice can access the shake table.At this point,“Bob lsigns auth(shaketable,Alice)”is true at Bob,from which it follows that“Bob signs auth(shaketable,Al-ice)”is also true at Bob.Further,Bob’s original release policy shows that the authorization“Bob signs auth(shaketable,Alice)”can be released to Alice.Bob can also send Alice his conditional release rule,which lets Alice do anything she likes with the autho-rization that he gives her.Example2b.In this case,CAS has delegated its authorization tasks to CAS-DB,and Bob wants to see a proof from CAS that Alice can access the shake table:Bob:Bob lsigns auth(shaketable,X)←CAS lsigns auth(shaketable,X) Bob lsigns srelease(Bob signs auth(shaketable,X)←CAS lsigns auth(shaketable,X),Y,Z)CAS-DB:CAS signs auth(shaketable,X)←CAS signs authgroup(shaketable,G)∧CAS signs member(G,X) CAS signs authgroup(shaketable,earthquake)CAS signs member(earthquake,Alice)If we adopt the same approach to release rules as in Example1b, then CAS-DB would have the release policy“CAS signs srelease(CAS signs auth(R,X),Y,Z)”.This is not helpful,as CAS-DB cannot derive any facts of the form“CAS signs auth(R,X)”;CAS-DB can only derive logically signed authorizations.CAS needs to authorize CAS-DB to release all the details of the proof,so that CAS-DB can convince others that it is faithfully mirroring CAS’s reasoning:CAS-DB:CAS signs srelease(CAS lsigns auth(shaketable,X)←CAS signs authgroup(shaketable,G)∧CAS signs member(G,X),Y,Z) CAS signs srelease(CAS signs authgroup(X,G),Z,W)CAS signs srelease(CAS signs member(G,Y),Z,W)For brevity,we have set up these three release policies so that ev-erything is publicly releasable.In practice,CAS would probably prefer to be less trusting of CAS-DB,and only authorize CAS-DBto release Alice’s membership credential to Alice,while still al-lowing Alice to release it to anyone she chooses.Similarly,CAS might choose to limit the initial release of authgroup(shaketable, earthquake)to members of the earthquake group.CAS could also limit the initial release of its delegation rule so that CAS-DB can only give it to authorized shake table users,if desired.We will not write out these more restrictive rules here,because Example1b has already shown how to write such policies.To convince Bob that Alice can access the shake table,it suffices for Alice to send Bob a message containing CAS-DB’s base rule and base facts,from which it follows that CAS lsigns auth(shaketable, Alice).Alice does not need to send release policies for CAS-DB’s rules and facts,because Bob does not release them further.Because。