Design And Realization Of Unified Identity Authentication System Based On The Distributed Environment

With the increasing development of information technology,a variety of Internet-based applications have been developed.As every application system has its own set of security policy and user authentication method.When a user wants to access to a number of systems,he needs to verify his identity for many times.The Unified Identity Authentication System centralized manages users belong to different systems,the user only needs to verify once,then he can visit every application system. It's more convenient for the user and improves the security level.In this paper,we analyze some existing mechanism of Unified Identity Authentication,and consider the requirements of the User management module of an enterprise resource planning project.This paper introduces a Unified Identity Authentication model based on the Distributed Environment.A safety trust chain based on user proxy is used in this model,by using user proxy and proxy certificate,it lightens the burden of certification authentication server effectively,and improves the security level of the Unified Identity System.In view of the traditional privilege management which couples user and privilege directly,we design the privilege management module based on RBAC model which has a user-role-privilege approach. This approach effectively improves the flexibility and security.Safety certificate is a key to the system,and then we use the X.509 standard which has been proved very safe.This model uses LDAP repositories of authentication information that can improve the performance of query operations and security level.In the medium-sized enterprise resource planning project,we use the safety trust chain to achieve a better performance of identity management module.The user only needs to verify once and the user's identity information are only transported to the certificate authentication server.So it reduces the possibility of losing password.And the burden of the certificate authentication server can be distributed averagely among the other servers.With the gradual perfection of the Unified Identity Authentication system,it will play an important role in the project.