Research And Design Of Single Sign-On In Multi-domain System

Posted on: 2009-08-26 | Degree: Master | Type: Thesis
Country: China | Candidate: Q K Zhang
GTID: 2178360245956722 | Subject: Computer software and theory
Abstract/Summary:
Cross-domain single sign-on has recently become an active research topic. Compared with traditional designs, it applies not only to a single enterprise or campus network but also to larger network environments. When there are many authentication servers, how to establish trust relationships among them and let a client managed by one authentication server use resources on another is a problem that currently needs solving. Existing single sign-on designs cannot scale to large deployments and do not solve interaction between systems. Their degree of trust depends only on the trust relationships of the traditional scheme. Because the traditional authentication model relies on authorization by an independent privileged authority, protocols based on it lack a rigorous organizational structure and constraints, and therefore lack strong security and resistance to attack.

To address these problems in existing single sign-on mechanisms, we propose a lattice-based distributed federated authentication model spanning multiple single sign-on systems. Single sign-on systems that have established trust relationships with one another can authorize each other, realizing single sign-on at a higher level. The model makes "log in once, access the whole network" possible, including access across regions and national boundaries. It has a rigorous organizational structure and good flexibility and extensibility, which let it resist single points of failure and network bottlenecks and reduce the scale of communication.

Based on this lattice-based single sign-on model spanning trust domains, we put forward a cross-domain authentication protocol. The protocol supports mutual entity authentication between different trust domains and federated authentication at large cross-domain scale, avoiding the security risks, network bottlenecks and single points of failure that authentication by a single independent privileged authority causes in the traditional method. Analysis shows that the protocol offers higher security and better resistance to attack than traditional protocols.

Moreover, we use an ant colony algorithm to track changes in network resources dynamically, so that the lattice-based cross-domain authentication model can be adjusted flexibly. This addresses the problems caused by the very large communication scale of traditional cross-domain authentication and by its lack of flexibility in modern network environments. Applied to distributed single sign-on, the algorithm makes better use of network resources, optimizes authentication among multiple trust domains, improves the flexibility of cross-domain authentication, reduces its delay and jitter, and lowers the cost of the access route.
Keywords/Search Tags:Cross-domain Authentication, Alliance protocol, Lattice, mutual entity authentication, ant colony algorithm