| (Single Sign-on)SSO is an user-friendly technology to access the resources through the network. In the complex network environment or the circumstances of distribution, users only need a login to get the availability on multiple systems and application services for all authorized resources. In that case there is no need to re-enter the user name and password to get the access authentication and authorization again and again. So far many commercial software companies and research institutions have put forward the corresponding solutions. But at the same time, all the imperfections of standards and poor compatibility propose a new set of problems to the industry.In order to meet the internal business requirements of building a centralized authentication & authorization mechanism, there are a few meaningful attempts in this article on both design and implementation of a SSO system based on ontology model:1. Domain ontology model is used for abstracting the shared system access control module and for describing a knowledgebase of access control policies.2. Prototype to commercial banks, the shared domain knowledge for access control and the rules of logic are defined. It constructs the corresponding domain ontology model as the basis of access control strategy.3. Using XACML as the transmission format for strategy, and ontology knowledgebase as a strategy document, it then proposes a design for a set of access control mechanism.4. Considering the security of information transmission, it illustrates the design for the detailed processes of unified authentication and authorization.5. As there is a variety of deficiencies for SAML. In order to make full use of the norms of scalability, some open toolkits are used. And also some extentions of a foundation class library are made. Then a standardized SSO system was designed based on SAML, covering ontology model.SAML standard only defines some standardized entities and processes, and there is no concrete realization. So in the stage of design and implementation, this paper focuses on the field of Ontology Construction for the project, as well as the availability of the technology in the areas of engineering. It tries to take the advantage of their knowledge expression for applying to a SSO architecture. And then according to the actual needs of the business scene, it designs the implementation of a hierarchical structure. With the actual project, the design of the prototype system achieves a good effect.Finally, the article gives the conclusion of the Single Sign-on system based on ontology model and its application, and also provides an overview of further work. |
PDF Full Text Request