| 一种可扩展的单点登录系统 |
| |
| 引用本文: | 黄河,单志广,黄冬泉.一种可扩展的单点登录系统[J].东南大学学报,2007,23(3):465-468. |
| |
| 作者姓名: | 黄河 单志广 黄冬泉 |
| |
| 作者单位: | 北京航空航天大学软件学院,国家信息中心信息化研究部,徐州空军学院基础部 北京100083,北京100045,徐州221000 |
| |
| 基金项目: | The National Natural Science Foundation of China(No60673054) |
| |
| 摘 要: | 为解决传统单点登录系统的可扩展性和身份联合问题,将系统划分为不同的安全域,每个安全域具有域内的安全验证服务器,并且不同的安全域之间具有信任关系以支持身份联合.安全服务器负责域内用户的验证和授权,同时为不同域之间的用户提供身份联合.系统使用SAML断言作为安全令牌以完成验证、授权和身份联合过程.单点登录过程的设计基于web服务安全框架和多安全域,并且授权总是在服务提供者所在的域内实施,因此无论对于域内还是域外用户,系统提供了一种简单、可扩展、标准并且安全的访问web服务的方法.
|
| 关 键 词: | 安全系统 体系结构 web服务 单点登录 身份联合 |
| 修稿时间: | 2007-05-18 |
Scalable single sign-on system |
| |
| Huang He,Shan Zhiguang,Huang Dongquan.Scalable single sign-on system[J].Journal of Southeast University(English Edition),2007,23(3):465-468. |
| |
| Authors: | Huang He Shan Zhiguang Huang Dongquan |
| |
| Institution: | 1 College of Software, Beihang University, Beijing 100083, China;2Department of Informatization Research, State Information Center, Beijing 100045, China;3Department of Foundation Courses, Xuzhou Air Force Academy, Xuzhou 221000, China |
| |
| Abstract: | To address the scalability and identity federation problems of the traditional single sign-on system,the proposed scheme divides the security systems into different security domains.Each security domain has its own security servers and service providers,and there are trust relationships between different security domains for identity federation.The security server is responsible for authentication and authorization inside the domain,and offers identity federation capability for different domains.The security assertion markup language(SAML) assertion is used as security token in the system for authentication,authorization,and identity federation.The design of the proposed single sign-on process is based on web service security framework and multiple security domains,and the authorization is always deployed in the local area inside the service provider's security domain,which enables web service clients,both inside and outside their security domains,to access the services in a simple,scalable,standard and secure way. |
| |
| Keywords: | security systems architecture web service single sign-on identity federation |
| 本文献已被 CNKI 维普 等数据库收录! |
|
