
The Research And Implementation Of Enterprise Identity Management System Based On SAML And REST

Posted on: 2010-04-10
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Yu
GTID: 2178360275989712
Subject: Computer software and theory

Abstract/Summary:
In this age of the network economy, businesses and organizations are pursuing new opportunities and finding new ways of conducting business over the Internet. At the same time, they must ensure that their exposed information assets remain secure. The increasing numbers of customers, employees, partners, and suppliers have forced businesses and organizations to provide virtually global access to their critical information resources while protecting sensitive information from competitors and hackers. Given the business potential of these new opportunities, organizations and users access more and more disparate resources. With that access comes a greater risk of compromising the security of business information. To overcome these challenges, an effective identity management infrastructure becomes essential. Identity management is the only method by which organizations can achieve the levels of integration, security, service, and streamlined operations, all at reduced cost, that the virtual enterprise demands.

With the growth of business cooperation and identity federation and the emergence of new technologies including SOA and Web 2.0, the traditional Identity Management System (IdMS) cannot meet users' requirements, whether in software usage or in software evolution. With the writer's IdMS development experience at IBM CRL as the project background, the paper applies the SAML specification and RESTful architecture to the identity management domain in order to complete the software evolution of a legacy system (a traditional IdMS) and construct a new version of the IdMS with high security, scalability, flexibility and efficiency. The paper analyzes the issues in the legacy system, proposes solutions to them, and describes the choice and design of the new IdMS architecture.

Furthermore, it expounds the design and implementation details of the new IdMS submodules, including the data model of identity information on LDAP, the data access tier, the RESTful data access interface and the SAML-based Single Sign On module. In addition, the paper discusses the relationship between the design of the new IdMS and the software evolution to SOA and Web 2.0.
Keywords/Search Tags: Identity Management, Single Sign On, SAML, REST, LDAP