Institutional Repository of the Institute of Software, Chinese Academy of Sciences
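Title: Design and Implementation of FAAS, a SAML2-Based Single Sign-On Server (基于SAML2的单点登录服务器FAAS设计与实现)
Author: He Shaojian (何绍建)
Defense date: 2008-06-04
Advisor: Qin Xiao (秦晓)
Major: Computer Application Technology
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software
Degree: Master's
Keywords: single sign-on; service-oriented architecture; Security Assertion Markup Language; centralized authentication and authorization server
Alternative title: Design and Implementation of SAML2-based Single Sign-On Server FAAS
Classification number: None yet
Call number: None yet
Department: Graduate Division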
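Abstract: Single sign-on (SSO) has been studied in China and abroad for many years, yielding a large number of solutions and technical breakthroughs. This research, however, has concentrated mainly on the inside of an organization or enterprise: its focus is integrating the various kinds of software within a small scope, and the integration schemes mostly take the form of centralized single sign-on. As service-oriented architecture has spread through the industry, enterprise computing has moved from the stage of purely integrating internal legacy applications into an era in which vertical and horizontal integration are equally important. The need to integrate services of all kinds between organizations has fully exposed the problem of cross-organization single sign-on. Because transport security and data privacy cannot be guaranteed between organizations, the identity data of all enterprises cannot be managed centrally, and traditional centralized single sign-on can no longer provide single sign-on when the data is distributed. At the same time, inconsistent data and behavior across differing single sign-on schemes prevent them from interoperating, which enlarges the isolated-island effect. To solve single sign-on between organizations and to keep the isolated-island effect from growing further, this thesis studies and analyzes existing single sign-on solutions and, in light of the needs of an actual project, proposes a federated single sign-on solution based on an enhanced SAML2 protocol stack model, and on that basis designs and implements a federated authentication and authorization server, FAAS. FAAS uses federation to build, between organizations, a single sign-on environment in which data is decentralized and the parties trust one another; within this mutual-trust environment, introducing the Security Assertion Markup Language allows FAAS to interoperate with other single sign-on solutions, which in turn keeps the isolated-island effect from growing. FAAS is also built according to service-oriented principles using component-based design. By adopting the provider and consumer pattern in a distributed environment, it packages all authentication, authorization and query business processes into independent executable units, each of which serves externally as an "endpoint". Compared with traditional single sign-on solutions, FAAS not only lowers software coupling and raises software reuse, and reduces the number of times users must re-authenticate and improves user efficiency, but also has the following characteristics:
• It adopts an improved SAML2 protocol stack model. While ensuring interoperation between different implementations and fast switching between specific application services, it overcomes the shortcomings of standard SAML2 in handling distributed services.
• It adopts an enhanced federated single sign-on approach. It can integrate applications inside an organization and can also build a basically trustworthy single sign-on environment for integrating services between organizations.
• It follows an SOA system architecture, so that requesters can move freely among services based on different operating systems and different application platforms.
At present, FAAS can basically meet cross-organization authentication and authorization requirements.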
English abstract: Research on SSO has lasted for many years, and many solutions and technical innovations have been produced. Most of this research focuses on software integration inside an organization or corporation using centralized SSO technology. As service-oriented architecture becomes popular, SSO between organizations appears while industry computing enters a new stage of integration. Due to transport security and data privacy, the data in organizations cannot be centrally managed, and centralized SSO cannot satisfy the demand to perform SSO actions when all the identity data are distributed. At the same time, it is impossible to interoperate between different SSO solutions with separate messages and behaviors. In order to solve the SSO problem among organizations and remove the isolated-island effect, we suggest a federation solution based on an enhanced SAML2 protocol model, and design and develop a federation authentication and authorization server (FAAS). FAAS employs federation to set up a security environment for organizations, and in this environment we utilize SAML to make FAAS interoperate with other solutions. At the same time, FAAS is architected on service-oriented principles and constructed in a component-based way. The service/consumer model was implemented, and all the authentication, authorization and query services are packaged into executable units that serve requests as endpoints. Compared with traditional SSO solutions, FAAS has the following evident advantages:
• Based on an improved SAML2 protocol stack, FAAS offers the ability to interoperate and to switch between different services.
• Based on enhanced federated SSO, it can perform internal application integration and services unification.
• Based on SOA, requests can choose their services freely.
Currently, FAAS can smoothly carry out basic authentication and authorization transactions.
Content type: Degree thesis
URI: http://ir.iscas.ac.cn/handle/311060/7294
Appears in Collections: Institute of Software (CAS) Library, Early Period

Files in This Item:
File name / file size: 10001_200528015029089何绍建_paper.doc (775KB)
Content type: --
Version: --
Access: Restricted (contact the repository to obtain the full text)
License: --

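Recommended Citation:
He Shaojian. Design and Implementation of FAAS, a SAML2-Based Single Sign-On Server [D]. Institute of Software. Institute of Software, Chinese Academy of Sciences. 2008-06-04.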
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.