Title: Design and Implementation of the SAML2-based Single Sign-On Server FAAS
Author: 何绍建
Degree: Master's
Defense date: 2008-06-04
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of award: Institute of Software
Supervisor: 秦晓
Keywords: single sign-on; service-oriented architecture; Security Assertion Markup Language; centralized authentication and authorization server
Alternative title: Design and Implementation of SAML2-based Single Sign-On Server FAAS
Major: Computer Applied Technology
Chinese abstract: Research on single sign-on (SSO), both in China and abroad, has continued for many years and has produced a large number of solutions and technical breakthroughs. Most of this research, however, concentrates on the interior of a single organization or enterprise: its focus is on integrating the various kinds of software within a limited scope, and the integration schemes mostly take the form of centralized SSO. As service-oriented architecture has spread through industry, enterprise computing has moved from a stage of purely internal integration of legacy applications into an era in which internal and external integration carry equal weight. The need to integrate services across organizations has fully exposed the problem of cross-organizational SSO. Because transport security and data privacy cannot be guaranteed between organizations, it is impossible to manage the identity data of all enterprises centrally, so traditional centralized SSO can no longer deliver SSO when the data is distributed. At the same time, differing SSO schemes cannot interoperate because their data and behaviour are inconsistent, which widens the island effect. To solve SSO between organizations and prevent the island effect from spreading further, this thesis, building on a study and analysis of existing SSO solutions and on the needs of a real project, proposes a federated SSO solution based on an enhanced SAML2 protocol stack model, and on that basis designs and implements a federated authentication and authorization server, FAAS. FAAS uses federation to build an SSO environment between organizations in which data stays distributed and the parties trust one another; within this environment of mutual trust, the Security Assertion Markup Language is introduced so that FAAS can interoperate with other SSO solutions, thereby preventing the island effect from growing. FAAS is also built on service-oriented principles with a component-based design. By adopting the provider/consumer pattern in a distributed environment, all authentication, authorization and query business processes are packaged as independent executable units, each of which serves external requests as an "endpoint". Compared with traditional SSO solutions, FAAS not only lowers software coupling and raises software reuse, and reduces the number of times users must re-authenticate, improving their efficiency, but also has the following characteristics:

• It adopts an improved SAML2 protocol stack model. While guaranteeing interoperation between different implementations and rapid switching between specific application services, it overcomes the shortcomings of standard SAML2 in handling distributed services.
• It adopts an enhanced federated SSO approach. It can integrate applications within an organization and can also establish a basically trustworthy SSO environment for integrating services between organizations.
• It follows an SOA system architecture, so that requesters can move freely among services built on different operating systems and application platforms.

At present, FAAS can essentially meet the requirements for cross-organizational authentication and authorization.
Call number: none
English abstract: Research on SSO has been going on for many years, and many solutions and technical innovations have been produced. Most of this research focuses on software integration inside a single organization or corporation using centralized SSO technology. As service-oriented architecture has become popular and enterprise computing has entered a new stage of integration, the need for SSO between organizations has emerged. Because of transport security and data privacy, the data held by organizations cannot be managed centrally, so centralized SSO cannot meet the demand for SSO when all the identity data is distributed. At the same time, different SSO solutions with separate message formats and behaviours cannot interoperate. In order to solve the SSO problem among organizations and remove the isolated-island effect, we propose a federated solution based on an enhanced SAML2 protocol model, and design and develop a federated authentication and authorization server (FAAS). FAAS uses federation to set up a secure environment for organizations, and within this environment we use SAML to make FAAS interoperate with other solutions. FAAS is architected on service-oriented principles and constructed from components. The service/consumer model is implemented, and all the authentication, authorization and query services are packaged into executable units that serve requests as endpoints. Compared with traditional SSO solutions, FAAS has the following evident advantages:

• Based on an improved SAML2 protocol stack, FAAS offers interoperation and switching between different services.
• Based on enhanced federated SSO, it can perform internal application integration and service unification.
• Based on SOA, requesters can choose their services freely.

Currently, FAAS can carry out basic authentication and authorization transactions smoothly.
Publication date: 2011-03-17
Classification number: none
Content type: thesis
Source URL: http://124.16.136.157/handle/311060/7294
Collection: Institute of Software > Institute of Software Library > Early
Recommended citation
GB/T 7714
何绍建. Design and Implementation of the SAML2-based Single Sign-On Server FAAS [D]. Institute of Software, Chinese Academy of Sciences. 2008.