Study On The Single Sign-on System Based On Passport Protocol

There is a kind of business application mode in actual network applications: website's alliance. The alliance is usually made up of one large-scale website and some small-scale cooperative websites, forming a special and loose portal system. The single sign-on system provides convenience for user to access the resources of each website in the alliance. When a user firstly enters the alliance, he has to authenticate himself to the system. If he succeeds, the system will map the user realistic identity into electronic identity and the electronic identity can be safely and efficiently transferred to other websites. So, the user can get his electronic identity just through one time of identity authenticating. Hereafter, the single sign-on system automatically transfers the identity to other websites for the identity authentication so that the user can efficiently access all the resources of all the websites in the alliance and the efficiency is improved by this method. On the basis of analyzing various kinds of authentication mechanisms, the single sign-on systematic concept, specification requirement and various kinds of implemented methods are expatiated. An improved single sign-on model is proposed, designed and implemented on the basis of comparing and analyzing various kinds of models, especially on the basis of analyzing Microsoft passport protocol model. This model simplifies the cookie configuration of Microsoft passport protocol and implements its own single sign-on interfaces on the basis of the 3-DES (Ttriple Data Encryption Standard) encrypting algorithm, cookie technology and the redirection technology of hypertext transfer protocol. Browser/Server-model-based three-tier architecture is adopted in the design of the model. The technologies of encryption and authentication are applied to protect the privacy and integrity of the user data. This model offers unified single sign-on to users of website's alliance. The design thinking and the architecture of this model, plus the working mechanism and the implementation details of single sign-on authentication, are introduced in the thesis. This model is applied to a value-added service unified management platform project of a great telecommunication operator, and good performance is achieved.