Abstract
In distributed computing environments, information sharing between different enterprises or organizations is subject to limitations and constraints. In particular, when enterprise applications use different methods of permission assignment and control, access requests that cross system boundaries make security policies difficult to establish and often open to question, and complicate system management. SAML, an XML-based security description language, is platform and language independent and enables interoperability among security services of different modes or architectures. This paper introduces the SAML standard, the SAML architecture and SAML applications. To address the shortcomings of traditional enterprise applications in cross-domain authorization management, it then designs an authorization scheme based on the SAML standard, in which SAML assertions carry users' authentication and authorization information between enterprises to achieve secure integration of heterogeneous systems.
Source
Telecommunications for Electric Power System (《电力系统通信》)
2006, No. 11, pp. 56-59 (4 pages)
Keywords
Security Assertion Markup Language (SAML)
interoperability
authorization management
access control