
Research Of Intelligent Sign-on System Based On Security Assertion Markup Language

Posted on: 2007-04-18 | Degree: Master | Type: Thesis
Country: China | Candidate: X Cheng
GTID: 2178360182493714 | Subject: Computer application technology
Abstract/Summary:
The development of computer network technology and the continuous emergence of network applications have made things more convenient for users, but they have also made managing users' passwords a challenge. A Single Sign-on (SSO) system can simplify the login process, save users' time, and let users use many applications by logging in once.

Current SSO research has encountered several problems: immature support for integrating the access control of non-homologous systems, the absence of a PMI system supporting distributed applications, poor ability to process enterprise-class large-scale data, and weak support for EAI and system integration. To solve these problems, this thesis proposes an intelligent sign-on system based on the SAML and PKI/PMI architectures. This system has advantages in multi-mode integration support, high flexibility, enterprise-class support, distributed capability, etc. The main contents of this thesis are the technologies of access control and privilege management, and the architecture of the SSO system.

In the 1st chapter, we outline the SSO system. The background and prospects of SSO systems are briefly introduced. A survey of the development history and the challenges encountered in current research is also given. At the end of this chapter, we introduce the background of this thesis and its summary.

Chapter 2 introduces some specifications and architectures of SSO. A full description of SAML is also presented in this chapter. Then we introduce key PKI/PMI concepts, for instance CA, RA, SOA, AA, and the certificate and its storage.

In the 3rd chapter, we propose the architecture and model of a SAML-based single sign-on system. We then illustrate the principle of multi-mode application, the PKI-based key distribution architecture, the generation and validation of the SAML token, and the configurable authentication plug-in. Afterwards, we analyze the features and advantages of our model in security, extensibility, multi-model support, and information sharing.

In the 4th chapter, we introduce the key technologies of the intelligent sign-on system and propose a framework for Role-based Access Control. Then secure information sharing among the members is taken into consideration, and a privilege management framework based on ontology is introduced. We also describe some critical algorithms for privilege management.

Finally, we integrate these technologies into JTang Server, the fundamental middleware platform, and develop the JTang Single Sign-on system. We then conclude this thesis and propose some future work.
Keywords/Search Tags:Single Sign-on, SAML, PKI, PMI, RBAC