
The Study On Key Technologies In Cross-Domain Authentication Alliance Based On Lattice

Posted on: 2012-03-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F M Miao
GTID: 1488303341471494
Subject: Control theory and control engineering
Abstract/Summary:
With the rapid development of the distributed Internet, demand for network services has diversified. Network resource sharing and service requests are shifting from independent, autonomous domains to an open, dynamic, collaborative multi-domain environment. This shift has made cross-domain authentication, inter-domain trust management, and inter-domain security urgent problems and a challenging research direction.

At present, because the centralization and management system of authentication agencies is unsound, the traditional cross-domain authentication model suffers from single points of failure, network bottlenecks, inefficiency, and other drawbacks, and it hinders multi-network information services that are free of information monopoly, decentralized, and cooperative. What is needed is a trust domain alliance that is free, open, platform-independent, highly efficient, stable, safe, and reliable. This dissertation therefore studies the following areas.

To address the problems and defects of existing authentication systems, a grid-based trusted cross-domain model is established, into which a mutually constrained double verification mechanism is introduced. It supports double trust authorization and large-scale cross-domain authentication, and so avoids the security problems of traditional centralized authentication. Through the designed workflow, authentication protocols, and stealth communication protocol, it protects user identity information and privacy. The model has a strict logical structure and good flexibility and extensibility, so it can resist single points of failure and network bottlenecks and reduce the scale of inter-domain communication.

To handle large-scale authentication management in distributed networks, and given the complexity and dynamic nature of trust relationships, this dissertation takes full account of the attenuation of trust values over time and proposes a new cross-domain authentication system. For computing the overall trust value, a trust value calculation function based on migration degree is proposed, which brings the trust value closer to the direct trust credibility and makes it more objective. The dynamic trust model is then applied to the cross-realm authentication lattice, and the corresponding algorithms are given. Based on the RBAC policy framework, a matrix mapping structure between domains is used to map roles, which simplifies the role mapping process and makes it more convenient. A security checking mechanism is added to prevent a user from holding two statically mutually exclusive roles under the RBAC authorization mechanism, which would violate separation of duties. Finally, the corresponding comprehensive alliance authorization algorithm is given.

To solve the problem of fast path search in alliance authentication, this dissertation builds on heuristic search algorithms. For the static properties of the certification path, it focuses mainly on the time factor and uses the efficient A* search algorithm in static environments, and it uses the D* algorithm for path search in dynamic environments. This plays to each algorithm's applicability and finds the shortest, optimal path, improving computational efficiency, safety, and reliability. To address repeated path searches within and between domains, an AD* search method is proposed that combines the static and dynamic algorithms. The AD* search is highly efficient, makes better use of network resources, and addresses the inflexibility of traditional cross-domain authentication under large communication volumes. It reduces the computational complexity of path search, effectively reduces delay, lowers access path costs, and improves the search efficiency and flexibility of cross-realm authentication.

The dissertation also addresses the integration of the trust domain alliance. Combining existing network and security technologies, it designs the system architecture of a cross-domain authentication middleware, together with its functional modules and domain interface functions. A unified authentication middleware is used between the independent trust domains to establish inter-domain relationships; users access resources transparently, and domain access and resource sharing are realized through cross-domain collaboration. A new domain only needs to build the unified security trust interface through cross-domain collaboration; it can then establish trust relationships as it accesses other domains, which saves system development costs and improves system usage and operating efficiency.
Keywords/Search Tags: lattice, double verification mechanism, heuristic algorithm, authentication path, middleware, dynamic trust management, cross-domain authentication, trust domain alliance