摘要
为满足应用服务提供商平台集成多种异构应用系统的实际需求,提出了一种采用统一安全认证技术进行轻量级应用集成的解决方案。该方案采用目录服务数据库,统一存储用户身份和权限信息,使用会话令牌保证用户身份的持久有效性,通过策略代理保护应用服务资源的安全,并对用户的访问进行统一授权和控制。为实现用户在平台和应用系统之间的单点登录,提出了令牌和代理相结合进行身份信息传递与验证的实现方案,尤其是解决了跨域单点登录的难题。该方案已成功应用于上海电信理想商务应用服务提供商平台。
To satisfy requirements from Application Service Providers" (ASPs) on integrating different application systems into ASP platform, a light--weighted integration method was brought forward based on the unified security authentication technology. According to the method, all users" identification and authorization information were stored in a Light--weight Directory Access Protocol (LDAP) based directory database, tokens were set to keep user session's validity, policy agents were installed to protect all the application resources, and user's access to these resources were granted and controlled centrally. Combining the use of tokens and policy agents, the problem of Single Sign On (SSO) among platforms and applications, especially SSO among cross--domains, could be solved. Finally, this method has been successfully implemented in, "Shanghai Telecom Ideal Biz ASP Platform" Project.
出处
《计算机集成制造系统》
EI
CSCD
北大核心
2005年第12期1738-1742,共5页
Computer Integrated Manufacturing Systems
基金
国家863/CIMS主题资助项目(2003AA414012)~~
关键词
应用服务提供商
认证
授权
单点登录
访问控制
目录服务数据库
application service provider
authentication
authorization
single sign on
access control
directory database