Journal of Southeast University (English Edition) 2007, Vol. 23, Issue (3): 465-468, 4.
Scalable single sign-on system
Abstract
To address the scalability and identity federation problems of the traditional single sign-on system, the proposed scheme divides the security systems into different security domains. Each security domain has its own security servers and service providers, and there are trust relationships between different security domains for identity federation. The security server is responsible for authentication and authorization inside the domain, and offers identity federation capability for different domains. The security assertion markup language (SAML) assertion is used as the security token in the system for authentication, authorization, and identity federation. The design of the proposed single sign-on process is based on the web service security framework and multiple security domains, and the authorization is always deployed in the local area inside the service provider's security domain, which enables web service clients, both inside and outside their security domains, to access the services in a simple, scalable, standard and secure way.
Key words
security systems/architecture/web service/single sign-on/identity federation
Classification
Information technology and security science
Cite this article
黄河, 单志广, 黄冬泉. Scalable single sign-on system [J]. Journal of Southeast University (English Edition), 2007, 23(3): 465-468, 4.
Funding
The National Natural Science Foundation of China (No. 60673054).