| Under the trend of Service-Oriented Computing and openness of network, the dissertation proposes an Authentication & Authorization Service (AAS) for distributed electronic medical record applications, which allows users to share login state among the applications through Single Sign on (SSO) and enables the applications to share resources by generalized authorization service.First the paper introduces the background and meaning of AAS; then it presents the relevant technology about SSO and authorization, which includes Microsoft.NET Passport, Liberty Alliance, OpenID, InforCard, DAC, MAC, RBAC and XACML. Next the paper summarizes the software requirements in the scenario of distributed electronic medical record applications. From the point of authentication, it requires the function of SSO, identity federation and security; from the point of authorization, it requires supporting generalization, roles and privacy. According to the requirements, the paper presents a prototype, which achieves the function of SSO by identity federation with pseudonyms and provides generalized authorization service by supporting XACML. In addition, the prototype makes use of SSL and one-time time stamp to improve its security in case of being tampered and the replay attack. Finally, it includes the function test and performance test to verify the function and efficiency of the prototype. At last it is the conclusion and future works. |
PDF Full Text Request