Research On Cross-realm Authentication System Based On Service Location Protocol

The main content of this thesis is resolving the issuses of automatic configuration of nodes in cross-realm identity authentication system.Firstly, this thesis briefly introduces the mainstream of the current identity authentication systems and their basic mechanisms, followed by the comparison of several aspects of these systems. According to the comparison, the thesis decides to take Diameter as a specific identity authentication system to research. In cross-realm identity authentication system, almost all nodes generally use static configuration. It is a way lack of flexibility and difficult to do system management. Thus, this thesis decides to use the service discovery protocol to achieve dynamic auto-discovery among the nodes. After comparing the current four common service discovery protocols, the thesis proposes Service Location Protocol as a solution to the issues.Chapter 1 is introduction of this thesis. This chapter introduces the significance and purpose of the study, and the main content of the research. Through this introductory chapter, the basic structure and a broad framework of this thesis can be understood.In the second chapter, a brief and relatively common identity authentication system, which are AAA, Remote Authentication Dial In User Service and Diameter identity authentication system. Remote Authentication Dial In User Service is the most extensive application of identity authentication protocol. Because of some shortcomings, this thesis uses the next generation of identity authentication protocol Diameter as a specific identity authentication system to research.The third chapter introduces four service discovery protocols, and gives a simple comparison of their advantages and disadvantages. Considered all relevant factors, this thesis believes that the Service Location Protocol is suitable for resolving dynamic discovery of nodes in cross-realm identity authentication system.In chapter four, the Service Location Protocol is divided into five function modules, which completed service discovery, service registration and other functions. Then, this chapter will introduce how to use the Service Location Protocol to achieve the dynamic configuration of identity authentication system and the deployment of this system. After specially introducing the work process of applying the service location protocol in authentication system, this thesis gives a test. Finally, we also give a brief introduction of remote service discovery in the service location protocol via DNS SRV. Chapter 5 gives the main conclusions presented in this thesis as well as the works which need to be further addressed in the future.Finally, the thanks and references.