Uniform Identity Authentication And Access Control Study Based On Distributed Environment

The informationization of higher education institutions has been developing fast recently. Building a digital campus has become an important aim for the modernization of higher education institutions. Different information systems have been built for campus network, such as email system, OA system, teaching management system and so on. And many new applicable systems are under construction for better serving the students and the faculty.Along with the widening application of campus network, the number of users is increasing, which brings two problems in information security. First, there is potential hazard lies in the web application system. For example, cleartext transmission, no or weak identity authentication, no unified authorization management, all these are inclined to be attacked by hackers. The other problem is that different users need to type in names and passwords repeatedly while facing different systems. This is not just troublesome but also easily causes losses of passwords. That means, to ensure the safety of campus network application system, we need a unified, safe and effective system containing both identity authentication and access control.Nowadays, uniform identity authentication and access control are hot research issues, and many Web Services protocol based on SOAP, such as SAML, WS-Federation, XACML have emerged and won support from many famous companies. However, to use these protocols correctly is very difficult. Overcoming the ineffectiveness and complex of traditional system, RAIM is a new identity management system based on Rest and AJAX, taking REST, AJAX and Javascript wormhole as its core technique.RAIM has a new, highly effective identity authentication method based on AJAX. Avoid using HTTPS authentication methods, its computing cost is too high, and demanding high performance server. Using the technique of JavaScript wormhole, AJAX and secondary login, it supports cross-domain SSO and overall logout. Based on the REST style, it has multi-level access control system which suits the present campus networks. Resource permission is defined as three tiers: Web application layer, URI layer and operation layer. On the API design, it doesn't use the traditional Web Services based on SOAP, hut take a simpler, more effective REST web services API.