Abstract
In information system applications, the best way to ensure the secure use of information, break down the information silos between application systems, reduce maintenance and management costs, and effectively guarantee the security, integrity, consistency and availability of user identity information is to establish a user information management system: a supporting system for unified authentication and unified authorization management of user information resources across all application systems. As a solution to the multiple-password management problem that exists across multiple systems, it should consist of three main parts: unified user information resource management, unified user identity authentication, and authentication interface services. That is, an authoritative unified account database suitable for use by every application system is established, and, using this database and each application system's user information interface, users are identified in each application system. Unified user identification or authentication is only the first step toward unified user management. To achieve unified user authorization, the following are completed on the basis of unified user authentication. User role management: permissions are assigned to a user by adding the user to a role, and administrators can add custom roles, which allows flexible system configuration. Module management: to control users' permissions to use each functional module of the system, all function items in the system are added to a module table; modules added to the table are displayed in the system as menus, and when a new functional module is added it is entered in the module table, bringing it into the same scope of permission management. Module authorization configuration: each module of the system is defined and set as open to particular roles, departments and users, which implements access control on modules and ensures the security of user authorization. Centralized unified user authentication has already been applied successfully in the informatization of most enterprises, while centralized user authorization is still at the planning and conception stage in some enterprises. The scheme is nevertheless clear in theory and should not encounter major problems in practice, so the unified user authentication and authorization described in this paper is a completely feasible technical solution.
Source
Computers and Applied Chemistry (《计算机与应用化学》)
CAS
CSCD
PKU Core (北大核心)
2011, Issue 8, pp. 1087-1090 (4 pages)
Keywords
unified user
identity authentication
centralized authorization
scheme implementation