| With the development of China informationlization construction, information security requires higher level and the situation in our country is still serious. There are many deficiencies in authentication, privilege management, and access control fields of security software platform. To solve these problems involving the immatureness supporting non-homologous systems in modeling technology of access control integration, the absence of PMI system supporting distributed application, poor the ability of process enterprise-class large-scale data, the weakness of supporting EAI and performing system integration, we propose GED-PMI3S (Grid-based Enterprise-class Distributed Privilege Management Infrastructure Supporting Single Sign-on) based on PKI/PMI architectures. The system have the advantages in loose-couple, high flexibility, enterprise-class supporting, distributed ability, etc. The main contents of this paper are about the architecture, modeling and technologies of the PMI system.In the first part, we summarize the present research situation in PKI/PMI and related fields, and point out the deficiencies existed in current PMI platform. Furthermore, we define the research object of the article. In the second part, we introduce PKI/PMI key concepts, for instance CA, RA, SOA, AA, certificate and its storage, and four PMI basic models, namely, universal model, control model, entrust model and role model, then analyze the strongpoint and shortcoming. Subsequently, the architecture and model of GED-PMI3S are proposed. In the third part, through the research of the key technologies, we find that the combination of these technologies and PMI can support enterprise-class distributed application and make up for the disadvantages of current PMI technology. In the last part, we apply GED-PMI3S to the development project of middle-ware that is Zhejiang Provincial Science & Technology Department important tough project, and take rather good effect.
|
PDF Full Text Request