
The Research And Design Of Mashup Single-Sign-On Model Based On SAML

Posted on: 2012-01-05
Degree: Master
Type: Thesis
Country: China
Candidate: P C Liu
Full Text: PDF
GTID: 2178330335960605
Subject: Cryptography
Abstract/Summary:
Mashups are new Web-based data integration applications that draw upon content retrieved from external data sources to create entirely new and innovative services. In the Web 2.0 era, the increasing popularity of web services and OpenAPIs provides a rich source of data for Mashups. Because these web services and OpenAPIs are often in different domains, a single sign-on model is required: users simply log in once and can then access the different services of a Mashup.

Single sign-on technology is still being researched and developed; deep research has been done, and various specifications and solutions have been put forward. Currently, these specifications and solutions are not perfect and are not well compatible with each other. Although all kinds of single sign-on solutions can provide joint identification among many sites in a single domain, they cannot implement joint identification between many cross-domain sites. Single sign-on systems face problems such as the lack of uniform standards, overly complicated flows, the inability to operate across domains, and security deficiencies. On the basis of a detailed study of SAML, the paper proposes a single sign-on model based on SAML.

In the design and implementation of the system, considering SAML's shortcomings in the security field, this paper studies XML-based PKI security technology in depth with reference to the Web services security specifications and, through the combined use of XML Signature and XML Encryption, further proposes an end-to-end security scheme for information transmission. For the Mashup client model, so that different Web services can access each other without touching the user's account, we propose a solution based on OAuth's authentication service. This keeps the whole single sign-on model flexible and secure.

To put forward the single sign-on model, the paper studies the two information protection and identification mechanisms frequently used in many Web services, namely transport-layer security technology and XML security technology, and compares their advantages and disadvantages. Referring to the Web Services Security specification, the thesis further advances end-to-end secure message transport in the single sign-on system through the comprehensive use of XML security technology and the effective identity information.
Keywords/Search Tags:mashup, web2.0, xml, saml, oauth, pki