| With the rapid development of computer networks, information management of resources and network shares are being applied to various fields, because of the complicated network structure, the coexistence of multiple secret application service system, the confidentiality of information resources and so on, it not only requires the authentication of users, but also the user's access permissions to strict control and audit, the design and implementation of the unified authentication and access control in Classified Information System meets the application system co-exist in a number of classified circumstances, on the user identity authentication, Centralized management authority, and access operations of the audit and Single sign-on needs, meanwhile, it solves the problem of no-coincident with user definition, the disordered management of organization and the complicated Role-Based Accessing management.The design and realization in this paper is the unified authentication and access control platform in Classified Information System, based on digital certificates, LDAP directory services technology, SSL standard protocol, RBAC role authorization models and single sign-on mechanisms, which use the directory services of the distribution. On the unified authentication and access control platform of the Classified Information System, the user and resource information are organized into a logical directory tree, so as to simplify certification center and the communication between the classified application systems. Use interface to redirect to realize the single sign-on, on the centralized management of original decentralized users. And in the authorization management, the role as a link is used to link the user with access permission and operated rights, Let the users to separate with the access rights. The users login access to the appropriate application access to authorized applications. And ultimately had a Web Service as the service interface, ensure to the authorized users and applications authorized information consistency and real-time, Meanwhile, the operation of the access audit for the platform.The author of the paper mainly study the authentication technology based on digital certificate and the model of RBAC access control, introduced the whole design and the detail design of the unified authentication and access control platform in Classified Information System, complied the detail design and development of the unified authentication module and unified authorized management module. And the platform realize centralized management of user information, unified authentication and centralized audit, and provide effective reference for the authentication and access control of the Classified Application System. |
PDF Full Text Request