With the growth of new network applications such as e-business and e-government, the network has entered every domain of society. Traditional application systems use a variety of authentication mechanisms: each time a user wants to enter an application system, that system verifies the user's identity, and different systems use different log-on methods. Users find this complex log-on process inconvenient, and the more times a user logs on, the greater the threat to the system. To provide users with a secure and convenient working environment, this paper proposes a multiple-domain Single Sign-On (SSO) model based on PKI/PMI technology. The system implemented from this model is a trust and authorization system based on SAML. It uses the Public Key Certificate to authenticate the user's identity and the Attribute Certificate to support Role-Based Access Control. A user who passes identity authentication only once may enter all application systems and access all resources within his privilege. This demonstrates the integrated design of SSO and PKI/PMI technology. During authentication the system uses a dual-factor authentication method and a digital certificate authentication protocol, which effectively strengthens the security of the system. Through distributed authentication technology, the user may pass identity authentication not only in his own domain but also in other domains, so that the user may access application servers in different domains, implementing SSO across multiple domains. To solve the problem of integrating the single sign-on system seamlessly with the original application systems, this paper proposes a system integration scheme based on Web Services technology, which has the characteristics of loose coupling and cross-platform operation. The scheme unifies the SSO system and the heterogeneous application systems into a single whole that carries on joint operation.
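As an added example (not the paper's code), the following Go program models the cross-domain flow the abstract describes: the home-domain IdP authenticates the user by a signature made with the private key of the user's Public Key Certificate, validates the Attribute Certificate issued by the Attribute Authority, and issues a SAML-style assertion that an application server in another domain accepts only from an IdP in its trust store before applying Role-Based Access Control. The key pairs, the issuer name "AA", the domain names and the string-encoded claims are assumptions standing in for X.509 certificates and SAML XML, and the second authentication factor the abstract mentions is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"slices"
	"strings"
)

// Claim stands in for both PMI objects (assumption: real deployments use X.509 attribute
// certificates and SAML XML; each party's Public Key Certificate is reduced to its key pair).
type Claim struct {
	Issuer, Holder string   // AC: the Attribute Authority "AA"; assertion: the issuing IdP's domain
	Roles          []string // roles the application server uses for RBAC
	Sig            []byte   // issuer's signature over Body()
}

// Body is the canonical signed form; the Issuer prefix keeps an AC from being replayed as an assertion.
func (c Claim) Body() string { return c.Issuer + "|" + c.Holder + "|" + strings.Join(c.Roles, ",") }

func NewKey() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
func digest(msg string) []byte  { h := sha256.Sum256([]byte(msg)); return h[:] }
func Sign(k *ecdsa.PrivateKey, msg string) []byte { s, _ := ecdsa.SignASN1(rand.Reader, k, digest(msg)); return s }
func Verify(pub *ecdsa.PublicKey, msg string, sig []byte) bool { return ecdsa.VerifyASN1(pub, digest(msg), sig) }

// IssueAssertion runs on the user's home-domain IdP: the user proves possession of the PKC
// private key by signing an IdP-chosen nonce, the AC is validated against the AA key, and
// the AC's roles are carried into an assertion signed with the IdP key.
func IssueAssertion(idp *ecdsa.PrivateKey, domain, user string, userPub *ecdsa.PublicKey,
	nonce string, nonceSig []byte, ac Claim, aaPub *ecdsa.PublicKey) (Claim, error) {
	if !Verify(userPub, nonce, nonceSig) {
		return Claim{}, errors.New("identity authentication failed")
	}
	if ac.Issuer != "AA" || ac.Holder != user || !Verify(aaPub, ac.Body(), ac.Sig) {
		return Claim{}, errors.New("attribute certificate rejected")
	}
	a := Claim{Issuer: domain, Holder: user, Roles: ac.Roles}
	a.Sig = Sign(idp, a.Body())
	return a, nil
}

// Authorize runs on an application server in any domain: only assertions from IdP domains
// in its trust store are accepted, then the requested role is checked (RBAC).
func Authorize(a Claim, trusted map[string]*ecdsa.PublicKey, role string) bool {
	pub, ok := trusted[a.Issuer]
	return ok && Verify(pub, a.Body(), a.Sig) && slices.Contains(a.Roles, role)
}
```

A server in domain B whose trust store lists only domain A's IdP key accepts the assertion and grants the roles carried over from the Attribute Certificate; a tampered role list, an unknown issuer, or a failed proof of key possession is rejected.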