Abstract: Secure interaction between trusted-domains is a major concern.Combining the advantages of RBAC and the existing authentication technique on crossing the trusted-domain，this paper proposes a model on Crossing the Trusted-domain Privilege Management（CTDPM） which is suitable for distributed network.Role recommending policy and unilateral role mapping policy are proposed to back the safe access between two trusted-domains.By using set theory and the logic of predication，this paper describes the CTDPM model systematically，then gives a suit of rules on privilege and safety，and analyzes their characteristic.Finally，the safe application of this model is demonstrated by showing how it can be used in an access control system.

摘要： 多信任域间的安全访问是一项重要的研究内容。结合基于角色访问控制机制（RBAC）的优势及现有的跨域认证技术构建了一种适用于大规模分布式网络环境的跨信任域授权管理CTDPM（Crossing the Trusted-domain Privilege Management）模型。模型中提出角色推荐和单向角色映射策略，支持分布式环境下任意两个信任域之间的安全访问。运用集合论和谓词逻辑对CTDPM模型进行了系统的形式化描述，提出了一套合理的授权与安全规则，并进行了特性分析，最后给出该模型在访问控制系统中的安全应用。