基于联盟认证的单点登录能够认证不同组织的用户,但资源的多样化导致了管理上的困难。针对该问题,采用Shibboleth联盟认证方式,规范多种资源访问的REST API接口,并借助Shibboleth的属性筛选策略发布访问资源的授权码,实现多组织用户访...基于联盟认证的单点登录能够认证不同组织的用户,但资源的多样化导致了管理上的困难。针对该问题,采用Shibboleth联盟认证方式,规范多种资源访问的REST API接口,并借助Shibboleth的属性筛选策略发布访问资源的授权码,实现多组织用户访问多种复杂资源的统一认证。以基于Open Ed X的在线实验平台为例,解决了平台中统一认证以及复杂资源授权的问题,验证了采用Shibboleth进行用户统一认证,通过REST API接口以及授权码的发布可实现复杂资源共享,并在Open Ed X上以XBlock的方式实现与其余系统的数据交互。展开更多
The notion of this project is derived from our practical use of user authentication system namely Shibboleth at the University of Bedfordshire. It has been found that the University of Bedfordshire controls its variou...The notion of this project is derived from our practical use of user authentication system namely Shibboleth at the University of Bedfordshire. It has been found that the University of Bedfordshire controls its various services including student portal Breo, Learning Resources and Student Email Access and others through the Shibboleth. Like the University of Bedfordshire the other Universities in the UK are also implementing the Shibboleth system in their access management control. Therefore, the researchers of this project have found it important to evaluate its efficiency and effectiveness of Shibboleth from different perspectives. In the first part of this paper it tries to explain the features of Shibboleth as SSO services and compares it with other SSO services like Athens, Kerberos, etc. Then in the middle section, the authors go through the steps of installation and configuration of the Shibboleth. In the end of the paper, based on the survey of real users of Shibboleth at the University of Bedfordshire, the authors give its insights on the effectiveness of the Shibboleth as SSO service. Throughout this investigation, the authors have applied a triangulation to find out user and service provider viewpoint about Shibboleth. Although there were some problems persisted, the authors also implemented the Shibboleth system successfully to figure out different problems, efficiency and effectiveness. The recommendations and conclusion have been provided at the end of this project.展开更多
文摘基于联盟认证的单点登录能够认证不同组织的用户,但资源的多样化导致了管理上的困难。针对该问题,采用Shibboleth联盟认证方式,规范多种资源访问的REST API接口,并借助Shibboleth的属性筛选策略发布访问资源的授权码,实现多组织用户访问多种复杂资源的统一认证。以基于Open Ed X的在线实验平台为例,解决了平台中统一认证以及复杂资源授权的问题,验证了采用Shibboleth进行用户统一认证,通过REST API接口以及授权码的发布可实现复杂资源共享,并在Open Ed X上以XBlock的方式实现与其余系统的数据交互。
文摘为解决文化资源分布不均衡的问题,实现不同地区文化资源的共享共建,设计和实现了基于Open Stack的新疆伽师县远程教学云资源库。应用Swift存储管理模块建设分布式资源库,应用Keystone鉴权管理模块实现访问用户的鉴权。为方便对不同单位用户进行身份验证,使Shibboleth SP组件与Keystone结合实现了用户的统一鉴权;通过JAAS安全框架使Shibboleth Id P组件与用户所在单位已有的认证程序绑定,实现了用户的本地认证。云资源库的实现有利于发挥优质网络资源的辐射,促进文化教育落后地区的发展。
文摘The notion of this project is derived from our practical use of user authentication system namely Shibboleth at the University of Bedfordshire. It has been found that the University of Bedfordshire controls its various services including student portal Breo, Learning Resources and Student Email Access and others through the Shibboleth. Like the University of Bedfordshire the other Universities in the UK are also implementing the Shibboleth system in their access management control. Therefore, the researchers of this project have found it important to evaluate its efficiency and effectiveness of Shibboleth from different perspectives. In the first part of this paper it tries to explain the features of Shibboleth as SSO services and compares it with other SSO services like Athens, Kerberos, etc. Then in the middle section, the authors go through the steps of installation and configuration of the Shibboleth. In the end of the paper, based on the survey of real users of Shibboleth at the University of Bedfordshire, the authors give its insights on the effectiveness of the Shibboleth as SSO service. Throughout this investigation, the authors have applied a triangulation to find out user and service provider viewpoint about Shibboleth. Although there were some problems persisted, the authors also implemented the Shibboleth system successfully to figure out different problems, efficiency and effectiveness. The recommendations and conclusion have been provided at the end of this project.