| With the rapid development of the network technology and the information technology, different authentication systems have to complete the information interaction and integration under the premise of protection for user privacy and information security, so the administrators, users and even developers have been brought some new problems. How to provide security, and establish exchange mechanism between different authentication systems? Then the concept of Unified Identity Authentication is put out. The representative system is Microsoft.Net Passport. It is a centralized authentication mechanism. Microsoft manages all the authentication information of enterprises. This directly increases the risk of businesses and users'privacy. Therefore, Liberty Alliance proposed several specifications about Identity Authentication based on SAML. This technique establishes relationship of user's identity information between systems, but does not change the organization of the scattered identity information. Then the information island can be combined to system alliance, and the function of Unified Identity Authentication will be implemented. Liberty Alliance technology has become a direction of the field of identity authentication.Trending of the development of Liberty Alliance, this paper choose the Liberty Alliance specification as a research base on Unified Identity Authentication System that belongs to the Public Service Platform of Technology Evaluation. After considering the characteristics of the distributed network and the actual needs of the Platform, this paper optimizes the network model of existing identity authentication in the basement of pre-study, and introduces the concept of Location Service. This is not only to simplify the process of federation building or exit, but also accelerate the speed of service searching, and also improve the efficiency of the network. Then, this paper designs a multi-level identity authentication network model and an information exchange model based on Location Service. Also, designs relating security module, considering system security such as SAML assertion transmission and system access. At first, this paper begins to study Liberty, SAML, Web Service Security, then puts forward a Unified Identity Authentication framework that contains of SSO, integration of a variety of identity authentication, secure transmission of message and efficient management. According to this framework, this paper designs the stratified implementation framework of the system. Finally, it designs and implements the main functional modules of the system. |
PDF Full Text Request