Based on a detailed investigation and study of typical international security models for authentication and authorization (A&A), this paper puts forward a new single-domain security model suited to China Railway, named the Unified A&A Model. The model calls for authentication with digital certificates and authorization with Role-Based or Group-Based access control. The former ensures high-strength authentication, and the latter guarantees fine-grained access control. The model handles user management and A&A in a centralized way.

The Unified A&A Platform is implemented on the basis of this model. By integrating data duplication and grading commission, the platform gains the ability to manage large numbers of users, and it shows the prospect of supporting cross-domain access control. This paper also presents research on the access framework based on user classification, on user management and the characteristics of authorization, and on efficiency optimization. Finally, the paper validates the platform's security functions through the design and realization of a Voting System.

The research on the model and the implementation of the platform will boost the information security of China Railway, and it will be a good reference for other national security platforms.