Research And Design Of Unified Authorization Management System In Heterogeneous Environment

Posted on: 2012-11-01 | Degree: Master | Type: Thesis
Country: China | Candidate: W Q Huang | Full Text: PDF
GTID: 2178330335474252 | Subject: Computer application technology
Abstract/Summary:
With the rapid development of networks and the spread of computer-related technologies, enterprise informatization is accelerating, and more and more enterprises use dedicated management information systems for business management. To meet business needs and save cost, enterprises keep adding new business systems on top of the original system platform, so a single enterprise may run dozens of business systems. These systems are often developed by different manufacturers at different times, using different techniques, implementation platforms, data structures and implementation approaches, so they are heterogeneous and form many information islands. Each has its own authentication and authorization management module, which manages its own users, permissions and other data. As the business expands and the number of application systems grows, this traditional authentication and authorization mechanism raises problems: user information cannot be unified, information is heavily duplicated, the systems are inconvenient for users and difficult for the system administrator to maintain, and system security is damaged.

To solve these problems, building on research into Web Services technology, role-based access control (RBAC) and access control in Web service environments, this paper proposes a unified authorization management model for heterogeneous environments that provides unified user management and unified authentication and authorization. The model uses RBAC and extends it for the needs of multi-domain environments. In the extended model, the concept of "role" is divided into "global role" and "local role", and the concept of "area" is introduced. Through the mapping between global roles and local roles, the system can authorize a user for multiple domains at the same time and remains highly compatible with the authorization strategies of existing systems. For flexibility and security in practical use, the constraint and delegation schemes are analysed and designed in detail. Users are authorized along three dimensions (role, field and time), which avoids defining too many global roles; definitions such as "conflict role of inter-domain" and "delegation role set" provide separation of duties across multiple domains.

This paper designs a unified authorization management system that applies the extended RBAC model and describes its important parts in detail, including system deployment, function module design, database design and conflict detection. The system integrates the authorization strategies and data of the original application systems and is encapsulated using Web Services technology, which solves the problem of accessing data such as user permissions from heterogeneous platforms and gives enterprises better scalability when adding new systems. Finally, the paper summarizes the research and outlines future research.
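The global-to-local role mapping, the three authorization dimensions and the inter-domain conflict check described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the data model, all domain, role and user names, and the functions `expand`, `local_roles` and `violations` are assumptions, and the abstract's "area"/"field" dimension is modelled here as a domain.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample policy; every domain, role and user name is hypothetical.
# Global role -> {domain: local role}. Local roles are what each legacy system already uses.
ROLE_MAP = {
    "purchaser": {"erp": "po_creator", "oa": "staff"},
    "approver": {"finance": "payment_approver", "oa": "manager"},
}
# Inter-domain conflicting pairs: (domain, local role) pairs one user must not hold together.
CONFLICTS = [frozenset({("erp", "po_creator"), ("finance", "payment_approver")})]

@dataclass(frozen=True)
class Grant:
    user: str
    global_role: str
    domains: frozenset  # domains the grant is limited to
    start: datetime     # validity window is [start, end)
    end: datetime

def expand(grant):
    """Map a grant's global role to local roles, restricted to the granted domains."""
    mapping = ROLE_MAP[grant.global_role]
    return {(d, r) for d, r in mapping.items() if d in grant.domains}

def local_roles(grants, user, at):
    """(domain, local role) pairs a domain's system would see for `user` at time `at`."""
    active = set()
    for g in grants:
        if g.user == user and g.start <= at < g.end:
            active |= expand(g)
    return active

def violations(grants, new):
    """Conflict pairs that `new` would complete; an empty list means it may be granted."""
    new_roles = expand(new)
    held = set()
    for g in grants:
        # Only grants of the same user whose window overlaps the new one can conflict.
        if g.user == new.user and g.start < new.end and new.start < g.end:
            held |= expand(g)
    return [c for c in CONFLICTS if c & new_roles and c <= held | new_roles]
```

Running the conflict check at grant time, rather than at access time, keeps separation of duties enforceable even though each domain only ever sees its own local roles.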
Keywords/Search Tags: Heterogeneous Environment, Authorization Management, Web Service, RBAC, Access Control