Research On Cross-Domain Authentication And Authorization Mechanism Based On Trust Management

With the development of informationization, PKI security infrastructers are set up in many trades and areas. In multi-domains networks the problem of cross-domain authentication and authorization must be solved when users belonged to different trust domains need to exchange their information or cross domain accessing.This dissertation deeply studies the mechanisms of cross-domain authentication and authorization in multi-domains distributed networks. The main work of this dissertation is as follows:1. Deeply analyze the present research of cross-domain authentication and authorization and trust theory. The present methods used to realize cross-domain authentication and authorization are summarized and the disadvantages of them are proposed. Also the definition of trust and trust management are discussed. The trust management theories and trust models are analyzed.2. The method of cross-domain authentication based on PKI is proposed and the protoal of cross-domain authentication is proved.3. Also, this dissertation proposed a method of cross-domain authentication based on trust. This method founds the trust relationship between domains by the computation of trust values. The characteristic of these two methods are deeply analyzed.4. A new method of cross-domain authorization based on trust (T-Based AM) is proposed. The computation of users' trusts and their impact on the map of user and roles are discussed. Comparison shows that the T-Based AM is proper to the need of cross-domain accessing in multi-domain networks.5. The system which incorporate cross-domain authorization and cross-domain authentication is designed and the prototype system is realized. The structure of an incorporate system combining cross-domain authentication and authorization in multi-domain networks is designed. Particularly the authentication and authorization system and trust management system are introduced.This dissertation proposes a structure of an incorporate system combining cross-domain authentication and authorization. This system can realize cross-domain authentication in various application environment, users' reputation decide their privilege and the privileges are distributed by the owners of resources. So this system can easily meet the need of cross domain accessing in multi-domain distributed networks.