| One of apparent merits about Web Service is that it could realize resource sharing and intercourse under heterogeneous environment. But the secure problem following this character makes many enterprises confine Web Service to their inner part. One user who needs to log on varied systems is required to present varied identities, which would lead to many problems such as too many identities needed to remember, log on system too many times, password multiply too much, the risk of passwords being stolen increase and too much work has to be done to maintain the user's identify , etc. In order to solve these problems above, there is a growing requirement for Single Sign-on (SSO) and identify management system supporting across domains. The Microsoft's passport system achieved this goal of user's identify management across domains, but it is realized by a sole large database, storing all of user's passwords and other related information, which is manipulated by a company. This kind of mechanism of centralizing verification not only requires the user's confidence about presenting their personal information to a sole operation machine but also increase the risk. On the contrary, identity federation advocates that users should scatter their verified information around multiple databases and form an identity verification federation in order to free the user of the trouble of logging too many times and simplify the identify management. Federation will become the main developing trend in the domain of identity management. The management of federated identity is becoming the current main research content and focus. And it is also mainly discussed in this paper.Firstly this paper analyzes the requirement of Web Services security and the developing trend of identity management, which lead to research content and sense for the federated identity management. Then some basic knowledge involved in this paper is presented, including Web Services introduction and SAML. This section discusses deeply the system of the federated identity management including the identity management architecture provided with federation function, federated network identity and the concept of confidence circle. Next the model of federation information switching and two cases of this system as well as federation system architecture are given, in addition to that the function requirement of federation system is explained. The following is the design of identity verification federation, SSO and Single Logout in the system of the federated identity management. At the end of this paper, the realization of case of SSO is introduced. |
PDF Full Text Request