Research And Implementation Of SAML-based SSO Model And Its Security

Posted on: 2006-01-23
Degree: Master
Type: Thesis
Country: China
Candidate: X Yin
Full Text: PDF
GTID: 2168360155967213
Subject: Computer application technology
Abstract/Summary:
The basic philosophy of Single Sign On is to provide unrestricted access after a single sign-on. Because web services involve the coordination of many sites belonging to different domains, they raise the issues of cross-domain coordinated identification and secure message transport. Cross-domain Single Sign On based on uniform standards has therefore become a focus of security research at home and abroad.

Based on an analysis of the security requirements of current Web Services, the basic philosophy of Single Sign On systems, and the Single Sign On technologies frequently employed at home and abroad, this dissertation elaborates on issues that current Single Sign On systems cannot resolve, such as the lack of uniform standards, an over-complicated flow, the inability to operate across domains, and security deficiencies, to name just a few, even though such systems can provide joint identification between many sites in a single domain. On the basis of a detailed study of SAML, the paper compares and analyzes the two typical Single Sign On models built on SAML. The author then puts forward an improved Single Sign On model based on SAML that simplifies the flow of the system during the Single Sign On process. On the basis of this improved model, the dissertation designs an overall architecture for a SAML-based Single Sign On system and describes the operation flow of the whole system in detail, with the aim of applying the above theories to a practical security system. The paper divides the system framework into three entities and two common modules: the entities are the Client End, the Center Secure Service End and the Destination Service End, and the modules are the XML Information Security Processor and the Transport Interface. The paper then gives the detailed design and the implementation method of each one.

The thesis not only proposes an improved Single Sign On model but also anticipates and analyzes in detail the hidden security risks that clients may face when important messages are transported during the simplified Single Sign On process. The paper studies the two information protection and identification mechanisms frequently used in many Web Services, namely current transport-layer security technology and XML security technology, and compares their advantages and disadvantages. Referring to the Web Service Security Criterion, the thesis further advances end-to-end secure message transport in the Single Sign On system through the comprehensive use of XML security technology and the effective identity information. In the last part, the paper uses a demonstration to validate the theories and technologies above. The demonstration shows the expected simplified sign-on steps of the system and derives the system security index.
Keywords/Search Tags: SAML, Single Sign On (SSO), WS-Security, XML, Web Services