中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 中科院软件所  > 中科院软件所
题名:
LDAP及其在PKI系统中的实现与应用研究
作者: 杜娟
答辩日期: 2004
专业: 计算机应用技术
授予单位: 中国科学院软件研究所
授予地点: 中国科学院软件研究所
学位: 博士
关键词: 分布式技术 ; 资料库
摘要: 计算机网络经过长期的发展,不同的操作系统和应用程序以不同的格式在网络上存储了大量信息。一个网络管理员无法在一个集中的信息库中、以方便的方法管理网络信息和资源。用户必须使用不同的应用程序获取不同的信息和资源,这大大增加了用户的负担,也使许多信息难以共享,LDAP技术以通用的格式和方式实现信息的存储和访问,使用一致的方式命名、描述及指定一个机构范围内的用户和资源,从而简化了通信与管理;它可以使用户通过简单的搜索,寻找资源及其他用户;也可以帮助管理人员收集和控制散布于该机构的信息,并使他们全面地审视和管理这些信息。本文以LDAP在PKI资料库系统中的设计和开发为背景,讨论了LDAP的各种特性,并为PKI系统提供了一个证书及证书用户信息存储、管理的解决方案,对实施和推广普适性、应用简单和开发可扩展的P心系统具有重要的作用。针对LDAP技术的研究和分析以及和P心系统的整合是论文的主要工作。首先,深入研究了PK工和LDAP技术的理论,介绍了PKI的系统结构和LDAP基本原理,并将LDAP和X.50O目录服务做了比较分析,在此基础上总结了LDAP在PKI系统中的需求,为LDAP在PKI中的实施提供了理论基础。然后,提出了LDAP的协议模型和数据模型,从基本元素、操作规则和格式等角度详细对LDAP协议进行了可实施性分析。为PKI应用中证书管理机制的选择指出了可遵循的原则。根据LDAP中推荐、复制等机制构造分布式目录环境,并且LDAP避免了关系数据库数据类型验证和事务完整性确认而引起的PKI系统整体性能降低和系统管理繁琐等问题,简化了对数据的操作,大大缩短了证书用户的响应时间,优化了PKI系统的整体性能。最后,通过对LDAP在PKI系统中目录树设计、服务器的规划,运用JNDI实现了基于LDAP的PKI用户和CA与证书资料库的接口,用以证书、证书撤消列表CRL的检索和管理。
英文摘要: By a long time development, network storage a great deal information in the different OS and all different application with varied format. An administrator of networks cannot manage the information and resource with expedient advantageous ways in concentrated information storage. The users must get many information and resource from many kinds of application program. So users are difficult to share the same information and cannot bear it. The technique of LDAP make information stored and visited in general formats and manners, it name, describe and specify the area of users and resource in consistent manner. So LDAP can simplify the communication and management; offer simplified search for users to find out the resource or other users; for scanning and managing in all aspect, help the administrators to collect and control the spreading information in their institution. This article discusses each characters of LDAP with the design and development for database of PKI system and offers a resolve way to store and manage the information for users and certificates which is important for bringing into effect and extend PKI system with characters of simple application, extendable, common. The main work of this article is studying, analyzing the LDAP technique and composing the PKI system. Firstly, this paper study the theory of the PKI and LDAP technology in detail, introduces the architecture and principles of PKI and LDAP, and also compares it with the X.500 directory service, To make a summary of the requirement in PKI system by LDAP based on the LDAP technique, it can afford a theory base for develop PKI system program. Secondly, put forward the LDAP protocol models and data models, and analyze the feasibility of LDAP protocol operation from a point of view of the basic element> operation rules and format. Point out the rules to select the LDAP step by step circumstance and avert the performance fall of PKI whole system and the overloaded for details in its management without validating the data in the data-base or affirm of integrality, so shorten the time certification user used and optimize the performance of the whole PKI. At last, through designing the directory tree and make out servers in PKI system with LDAP techniques, realize the interface between PKI users based on LDAP with CA and database of certificate applying JNDI for searches and management of certificate and CRL.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/6162
Appears in Collections:中科院软件所

Files in This Item:
File Name/ File Size Content Type Version Access License
LW014069.pdf(2639KB)----限制开放-- 联系获取全文

Recommended Citation:
杜娟. LDAP及其在PKI系统中的实现与应用研究[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2004-01-01.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[杜娟]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[杜娟]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace