The Study And Implementation Of Authentication And Access Control Technology In The Electric Documents Exchange System

With the high speed of the information and network technology development and the popularization of the applications in the corporation, resource conformity between systems, the realization of Consolidated Identity Authentication(CIA) and Centralization Access Control(CAC) between several system security domain, it can simplify operation process, increase efficiency, ease management. It has become hotspot in the area of distributing system.In this paper, after studying the advantage and disadvantage of the existing solution of the CIA and CAC, based on one department of GongDong province demands, an Electric Docments Exchange System based on XML security technology(XEDES) is designed and realized. Around the designs and implements of the system, the key work includes:1. The model of CIA and CAC based on SAML and XACML is presented. Based on the further study and analysis of the specifications about XML security,combining the actual demands, a model of CIA and CAC is presented. The model can offer the support of share of security information between several applications, and realize the single-sign on and access authorization.2. The design of XEDES is presented.After analyzing the problems of identity authentication/access control disunity, differ security technology standard, the threat of the key information transmission and storage, and the requirement of the security, credibility, extensibility, interaction, maintenance-easy is considered, the detail design of XEDES is presented. The system is based on J2EE platform, which adopts the SAML/XACML/XML encryption and signature technology. It can provide the function of CIA, CAC and security data exchange between different application systems.3. Implement and application of the XEDESCombining the actual demands, the implement of the XEDES is introduced. The main processes of system are shown by several key steps. After applied, XEDES can accomplish the function of CIA and CAC effectively, and it can fulfill the object required.This system had been used in the OA networks in one department of Guangdong province, which can realize the function of exchanging electric documents among OA systems and business systems, and the information share between departments is realized.