Research And Implementation Of Authentication And Authority System Based On Integrated Access Control

With the sustained and rapid economic development of our country, the process of enterprise information develops rapidly, information technology and network technology has become the key factor for success in the fierce market competition. At present, domestic enterprises have adopted ERP,SCM,CRM,HRM,OA and other information systems; gradually achieve a comprehensive, multi-angle Information Management. Through using information technology platform, constantly improve the work efficiency, reduce operating costs and enhance the competitiveness of enterprises. Through the development of enterprise, more and more information system created, therefore the establishment of a safe and effective authentication, authorization became increasingly important.Based on the efficiency and safety factors, enterprises urgently need to change the traditional method of authentication into a more efficient and security way, the concept of the single sign on created. In access control aspect, a large number of access control model created by domestic and foreign scholars. If divided by authorization strategy, access control model contain: DAC, MAC, RBAC, TBAC, TRBAC.To meet the different needs of the application system access control, the paper presented a comprehensive access control model, provided the model-formalized description. This model organically unified the MAC,RBAC and TBAC together. In order to enhance the flexibility of model, the model was further improved. The improved model can be according to different application systems need to establish the most suitable access control model. This system adopted Agent& Broker SSO model, expanded Kerberos authentication protocol, replaced time-based authenticator with random number, and combined the symmetrical encryption with asymmetrical encryption, overcame the shortcoming of Kerberos. According to the distributed characteristic of enterprise application, the system adopted Web Services technology, offers unified identity authentication and authorization for enterprise application. Given the overall design and core model design of the Authentication and Authorization System. The Authentication and Authorization System was independent of specific applications, including applications for identity authentication, secure transmission, data confidentiality, data integrity, access control, power management, Application-level auditing and so on.