| Traditional authentication mechanism is based on user's name and password. When a user wants to enter a system, he must input the right account information. If he wants to visit resources in different systems, he must input various account informations to enter corresponding systems. This mechanism wastes user's time and make user remember so much account information.Single Sign On is introduced to resolve this problem. When a user firstly enters a system, he has to authenticate himself to the system. If he succeeds, the system will map the user realistic identity into electronic identity. Through the secure and efficient transfer of the electronic identity, the user can visit all systems automatically and efficiently without repeatedly inputting his account information.This article introduces two types of SSO (Single Sign-On)systems: true-SSO and pseudo-SSO,and analyses this two types of SSO systems from the cost in setting up the authority of users and the cost of deployment and maintenance. Based on the analysis this article brings forward a mid-SSO model. It aims at resolving the problem of setting up the authority of users quickly and low costly in order to reduce the cost of deployment and maintenance when building SSO system. Combining the two types of SSO's advantages and importing the mechanism os Identity Mapping make the authorization not more a hard problem.SAML (Security Assertion Markup Language) has been the public SSO realization standard gradually. This article introduces SAML clearly.Its'standardization makes for SSO criterion and expanse. This article focuses on seting up an application of the mid-SSO model, which is a SSO system based on SAML and Identity Mapping. Combing the technology of .NET Framwork and XML Security, It designs and realizes a SSO platform. |
PDF Full Text Request