| With the rapid development of information technology, especially the widespread application of Internet technology, electronic government and electronic commerce have become the most important development field of information technology. It is important to guarantee information security in the network to electronic government and electronic commerce. Authentication is one of the most important mechanisms to implement network security by protecting our information from unauthorized accesses, which allows each party to a communication to be sure of the identity of the other. Cross-domain authentication is to implement Single Sign On mechanisms on more than one domain which is based on the single domain authentication.One of apparent merits about Web Service is that it could realize resource sharing and intercourse under heterogeneous environment. But the secure problem following this character makes many enterprises confine Web Service to their inner part. One user who needs to log on varied systems is required to present varied identities, which would lead to many problems such as too many identities needed to remember, log on system too many times, password multiply too much, the risk of passwords being stolen increase and too much work has to be done to maintain the user's identify, etc. In order to solve these problems above, there is a growing requirement for identify management system supporting across domains. And identity federation advocates that users should scatter their verified information around multiple databases and form an identity verification federation in order to free the user of the trouble of logging too many times and simplify the identity management.Firstly this thesis analyzes the requirement of Web Service security and the developing trend of identity authentication, which lead to research content and sense for the federated identity authentication. Then some basic knowledge will be presented in this thesis, including Kerberos, PKI and SAML. Based on them, distributed model is put forward with detailed analysis and arguments. After that, deeply discussed the SAML, and then develop a real system which can realize the cross-domain identity authentication based SAML. |
PDF Full Text Request