| With the rapid development of the computer network and information technology, the informationization of the enterprises has improved greatly. More and more business systems, such as OA,CRM,ERP,OSS, have brought out and improved the management level and work efficiency. But, each of them has their own identity systems. It leads to many problems. On the one hand, people have to keep lots of account passwords in mind. If the password is stolen, the enterprises will lose so much. On the other hand, the enterprises get more and more information in different ways, but they lack a uniform portal to show the information.As for these problems, SSO (Single Signed-On) technology and user identity management technology supporting across domain have rapidly developed. Microsoft's Passport once well solved the problems. It stores the users'identity passwords and other information in a single large database. The users only have to get a password in any Microsoft authorized website, and then they can freely access any Microsoft authorized website. This centralized identity authentication system needs users to hand in their all authentication information to a single server, and it certainly increases the risk. At present, with the development of SAML standard, many professionals,organizations and enterprises have approved the technology of the identity federation. This technology advocates users to scatter their verified information in many distributed databases and form an identity verification federation. In this way, we can realize SSO and the united identity authority. In view of current situation of this field, identity federation has become the main problems of the identity management.In this thesis, the tendency of the identity management will be analyzed firstly, and lead to research content and main work. Then, some basic knowledge involved in this thesis is presented, including SAML2.0 and a frame of the identity federation-Liberty 1.2, and some real case will be analyzed too. After this, the uniform identity management platform, including several traditional identity management systems, will be discussed deeply. Later, an identity information exchange model based on trust group and trust domain network and the design of the system are proposed, and the main functional modules of the system are also introduced, including account association, SSO, SLO (single-logout), user register, association cancellation and privacy protection and so on. At the end of this thesis, a conclusion and an outlook will be made. |
PDF Full Text Request