
The Research And Application Of Authentication And Authorization Mechanism Based On SAML And PMI

Posted on: 2011-10-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y Li
Full Text: PDF
GTID: 2178360308469250
Subject: Software engineering
Abstract/Summary:
With the rapid development of information technology, many enterprises and public institutions have introduced various types of information application systems. These application systems have improved efficiency and reduced costs, but they have also brought problems. One of them is the complexity of user authentication and the confusion of rights management caused by the independence of the application systems, a problem that is very common in e-government systems. Research on cross-domain user authentication and centralized authorization is therefore of great significance and practical value.

Firstly, this thesis studies the cutting-edge technologies involved in user authentication and authorization, then analyzes the existing single sign-on models and points out the shortcomings of each model in solving the problem of unified user authentication and centralized authorization. Based on this analysis, an authentication and authorization system is built on SAML and PMI. The system uses PKI-CA certification to realize unified user authentication, and a PMI-SOA authorization management center to centralize user rights management. By combining the hierarchical structures of PKI and PMI, a cross-certification scheme is designed for users' secure cross-domain access. The thesis also abstracts the data model of the system and defines all the entities in the model and their relationships. The functional model of the system is analyzed from the following five aspects: authentication management, authorization management, resource registration services, information maintenance management, and authentication log management. To ensure the secure transmission of authentication and authorization information, the system uses the Extended SSL protocol for data transmission.

Secondly, taking the government information system of a municipal financial bureau as its basis, this thesis analyzes that system's user authentication and authorization management and develops a government authentication and authorization system according to the authorization and authentication mechanism of PMI and SAML. This system integrates the user authentication and rights management of the financial bureau's various information systems, and realizes single sign-on for user authentication and centralized authorization. The system is designed concretely from five aspects: user authentication, authorization management, cross-domain access, single-point log-out management, and databases. An analysis of the system's security, manageability, enforceability and scalability shows that the system also performs better in realizing single sign-on for user authentication and centralized authorization.

Finally, the thesis gives a summary and several suggestions and assumptions for research on this new system.
Keywords/Search Tags: Security Assertion Markup Language, Privilege Management Infrastructure, Role-based Access Control, Authentication and Authorization