Design And Implement Of The New Architecture Of Unified Identity Authentication System In The CERNET

With the development at full speed of the CERNET, the identity authentication as the first protection in the information safety is more and more important. But the drawback exists in each independent identity authentication of various kinds of application systems, and the existing unified identity authentication systems which integrated and combines ability is deficient are unsuitable to the CERNET. So, setting up a unified authentication system, which can complete unified authentication and authority and administer between the application systems .It is an important link of construction of information security system of the CERNET.On the foundation of analysing that security feature of the CERNET and identity authentication current situation and synthesizing the characteristics of relevant technologies, this paper have put forward a new-type architecture of the unified identity authentication system which is suitable for the CERNET. Then have described the UML model of system according to that architecture with the software engineering method and each function course of the use case. And design the expanded catalogue tree and database structure. I have designed the diretory tree and database structure also. At realization Section, I totality summed up diretory server and database access interface and that security transmition first.Then I have put forward the Complete Single Singn-On thought in the system, given emphasis to expound the solution to the difficulty among the Complete Single Sing-On and realizes partly; The paper also have expounded the reliazation of the web services components achieving with Apache Axis framwork, and simple certificate authentication mechanism. Java language and its APIs were used for programmings at this paper; I have offered each key function implementation methods, and given their programing steps and its code. The work in Software designing section and implement section has proved this new-type architecture of unified identity authentication system is feasible. Finally I have summarized the characteristic and superiority of the systemunder this framework.The functions of user registration, accounts association and unified authentication adopt web service, which is apt to system integration. With more application systems joining unified identity authentication serve, this system will play a more important role in the CERNET info security architecture. And network management is simpler.