The Research Of Sign-On Solution PTSSO In The Environment Of Portal And Third-Party Applications

Portals and related third-party applications form a special network environment. In this network environment, the portal and any a third-party application is an individual platform, users have to remember all the passwords of the systems to meet the operating platforms'security policy, which makes it easy to be illegally intercepted by hackers and the security reduced accordingly. For these reasons, the single sign-on (SSO) technology has been introduced into the network, with the function that once a user authorized, he can access all the authorized network resources easily.It comes to be a mutually beneficial relationship between the portal and third-party applications. However, the traditional solutions of SSO aimed at resolving safe sign-on, which required third-party applications to save the user's basic information inner the system, portal can't keep the security of the extremely valuable resources.Due to the particular network environment composed of portal and the related third-party applications, this paper comparatively analyses the typical SSO solutions and reaches the conclusion that Web request proxy-based SSO is most suitable for the environment. To conquer the problem described above, this paper brings forward a new type of SSO named Portal and Third-Party Applications Single Sign On (PTSSO), which is improved from Web request proxy-based SSO, as the solution for users sign-on. This paper also describes the PTSSO login and logout processes and gives the interface definition of core function. This paper presents a model of PTSSO. In the model, asymmetric encryption technology is brought in to ensure the security of information exchange between third-party applications and portal; the unified authentication is adopt to make transplant and management easy; the use of WEB request proxy authentication, is to deploy a convenient way of maintenance and upgrading; Web services is also employed after users' authentication, to achieve the integration of users' sign-on and management of operation permissions and mapping user actions in the SOAP message to guarantee portals'user resources private. At last, we deployed the system in the project "WAP Enterprise Selfportal System", and the feasibility had been verified in the J2EE-based network environment.