国防科技大学学报Issue(3):122-128,7.DOI:10.11887/j.cn.201403022
面向大型机构的统一身份管理方法
Unified identity management method for large organizations
摘要
Abstract
In order to solve the problems of unified identity management in large organizations’information systems,a new identity management alliance for large organizations is proposed.Through consulting the Liberty Framework raised by the Liberty Alliance Organization,as well as reforming its structure and its pattern of building trust relationships among IDPs,the new identity management alliance is more suitable than the Liberty Framework for large organizations,which are distributed,autonomous,globally unified,and coordinated.In terms of physical structure,the new identity management alliance can be regarded as a tree consisting of multiple IDP nodes while each node must and can only develop trust relationships with its father node and child nodes.This is totally in line with the tree-like hierarchy of every large organization in the real world.In the system realization,based on the tree-like structure of the new identity management alliance,a hierarchical storage of the authentication data is achieved by adopting LDAP.In addition,the user access control was conducted by a security authentication gateway at the network layer,which consequently makes it possible to support B/S and C/S application systems at the same time.关键词
大型机构/统一身份管理/身份管理联盟/身份提供者/单点登录Key words
large organization/unified identity management/identity management alliance/IDP/single sign-on分类
信息技术与安全科学引用本文复制引用
王超,郭长国,刘东红,李安琪,王怀民..面向大型机构的统一身份管理方法[J].国防科技大学学报,2014,(3):122-128,7.基金项目
国家自然科学基金资助项目 ()
