Abstract
Based on the requirements of federated identity authentication and drawing on service-oriented design, this paper proposes a service-oriented federated identity authentication application framework. The framework supports dynamic, real-time coupling: it uses the "contract" relationships between service federations to dynamically discover, locate and bind identity services. This effectively supports distributed management of, and open access to, security information such as user identity, and facilitates the integration of application systems and the sharing of resources. Supported by this framework, service-oriented federated authentication is applied to the implementation of telecom-grade unified identity authentication and access control. Actual operation shows that the technique lets telecom-grade external users log in to the various systems quickly and conveniently, while also ensuring and improving the security of the service itself and the flexibility of its management.
Source
《微计算机信息》
2012, Issue 7, pp. 109-111 (3 pages)
Control & Automation
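Funding
Grant applicant: 许锐豪
Project name: Telecom-grade unified identity authentication and access control gateway
Granting body: Ministry of Industry and Information Technology (工信部财[2009]453号)
Keywords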
Service-oriented
Federated identity
Single sign-on (SSO)
Unified authentication