| With the development of information and network technology, applications of different kinds are getting popularized. For the efficient use of users and the convenient management of administrators, Single Sign-On (SSO) and the demand of security, efficient management of authorization are getting more intense.At the request mentioned above, this paper researches and analyses the advantages and the disadvantages of the existing schemes of SSO and management of authorization, then designs and realizes a Single Access Control (SAC) System based on the Security Assertion Markup Language (SAML) and Attribute Certificate (AC) with former acknowledge. The system adopts transmission mechanism of SAML and describes mechanism of authorization information in SAML, as well as introduction of description mechanism of authorization to attribute certification, which combines the advantage of SAML and AC and makes up each shortage.This system realizes SSO and separates authorization and access control from application. It also develops the mechanism of uniform user management, grade authorization. It improves the convenience of management, safety flexibility and expansibility of system, likewise the improvement of efficiency.This paper realizes attribute certification with XML to predigest the generation of certification and process of validation, to guarantee the uniform of attribute certification and SAML in disposal ways, to simplify the realization of system and to improve the reliability and expansibility. It also frames a description mechanism of authorization information, which can describe DAC, DMC and RBAC as well as the compatibility with inhere system.It is proved that relative technology in this article is feasible and efficient in the 'Application and Administration Technological Platform of Distributed Mobile Users' in the library of CAS,... |
PDF Full Text Request