| With the development of internet,more and more resources are digitized and internetized, how to access these resources more securely and more conveniently are becoming the hot issue. Shibboleth system is a distributed system for web single sign-on across or within organizational boundaries,which provides authentication and access control for resource access between domains.This paper will focus on the implemention of authentication mechanism based on Shibboleth.In this paper,we firstly introduce Shibboleth system,including overview,components, authentication and access control.Next,by building the example system of Shibboleth in the laboratory's environment and combining the features of Shibboleth,we analyze Shibboleth system from the aspects of deployment,single sign-on,authentication and access control,security.Then,we describe a performance issue in Shibboleth's conventional architecture,the whole flow of authentication and access control is a little time-consuming,especially the flow of access control can't go until the completion of authentication,result in more system delay.We propose and implement a new authentication mechanism based on Shibboleth as the solution.In our solution,the flow of authentication and access control,including some other flows will be intergraded,which can be done simultaneously without damaging the security of system.Finally,we analyze the security of our solution and prove performance by comparing the time consumption for accessing the resource protected between Shibboleth and our solution.Also, the performance of I/O in our solution is also tested and analysed.It is proved that our solution result in less system dalay without damaging the security of system.A new authentication model is introduced for resource access between domains. |
PDF Full Text Request