
Research on an OAuth2.1-based Unified Authentication and Authorization Framework (cited by: 4)
Abstract: As enterprise informatization continues to develop, the number of applications inside an enterprise keeps growing. To simplify access control management across these applications, and to let a user log in once and then reach every application within the authorized scope, it is essential to establish a unified, effective and secure authentication and authorization system. Based on a study of the OAuth2.1 protocol, this paper proposes an OAuth2.1-based unified authentication and authorization framework suited to enterprise-internal use. The framework covers three aspects: authentication, authorization, and security design. It has five functional modules: user and application authentication, OAuth2.1 authorization, user and application data management, permission management, and security risk detection. The feasibility and security of the framework are analyzed. The results show that the framework reflects well the need to establish a unified, effective and secure authentication and authorization system within the enterprise, and that it has broad practical guiding significance and application value for rapidly establishing such a system within an enterprise.
Authors: Guo Xiaoyu; Ruan Shuhua (School of Cyber Science and Engineering, Sichuan University, Chengdu 610207; Cyber Science Research Institute, Sichuan University, Chengdu 610207)
Source: Journal of Information Security Research (《信息安全研究》), 2022, Issue 9, pp. 879-887 (9 pages)
Funding: National Natural Science Foundation of China (61802270); Sichuan University Engineering Characteristic Team Project (2020SCUNG129).
Keywords: OAuth2.1 protocol; authentication; authorization; single sign-on; security risk detection; access control
