| With the popularization of computer network and the development of telecommunication and computer technologies, the number of applications has been increasing in enterprise network. However, every application system has its own identity authentication mechanism. The user who wants to access to these applications must be identified seriatim. As a result, more risks on security are taken and the application servers tend to be overburdened. Then the efficiency of accessing is decreased. Consequently, an identity authentication system that can provide uniform authentication and management is in demand.In order to resolve the authentication problem of multi-application, according to the requirement of the multi-applications with single authentication, this paper puts forward a new kind of uniform authentication system. This system adopts a mix of agent and broker-based single-sign authentication model which is composed of authentication server, privilege server, certificate authority, security management information database, application server. When users try to access to the application servers, this model demands a uniform strong authentication through the authentication server. At the same time, a improved RBAC is used for managing the privilege of user. Finally the relative independence between authentication server and application systems comes true. The encrpytion techniques and authentication techniques adopted in the system assure the authenticity, confidentiality and integrality of information when users are authenticated. The log function assures that users cannot deny their operations.The layers in the system keep independence from each other, which make the system loose coupling, and easy to be integrated. New application system which has no its user management system also can implement authentication and authorization depending on uniform authentication system, which reduce the difficulty of development. |
PDF Full Text Request