| With the rapid development of network technology, a variety of campus- based application systems come into existence. But independent certifications of the various application systems limit centralized management of the campus network, so users need to login and make identity authentication whenever they access a different application. Therefore, as an important part of the construction of digital campus, it is necessary to establish an unified identity authentication system, which could make a centralized management, authentication and authorization of network users.In this paper, unified identity authentication technologies both at home and abroad at this stage are analyzed and researched. It is found that no matter form the view of safety or flexibility, no single model is perfect. In order to meet the challenges of campus digitalized construction, several identity authentication models are summarized and compared. A novel authentication model with a three-tier architecture is proposed based on the agent model. Compared with traditional models, this improved model owns higher loose coupling, data sharing and maintainability. At the practical applications of application layer, most traditional identity authentication interface technologies adopt Web Service. As a very mature technology, it could solve the problem of cross-domain authentication, but still it can not avoid the trouble of low speed caused by high data volume. In this paper, an underlying authentication technology based on the ICE middleware is proposed to provide a client-side with multi-operation platform and development framework, realizing the capability of cross-platform. And a multi-priority non-preemptive M/M/n queue model is established by using the way of modeling. The serving performance of middleware is analyzed, and the balanced relation between a shorter waiting time and the number of datawindow services is verified by experiments. The system achieves the best balanced state, achieving an integration of theory and practice. In the study of service layer, some improvements are made for the traditional access control methods. Getting rid of ACL, adopted is a combination of BRAC access control with Lightweight Directory Access Protocol (LDAP). A more subtle and precise access control of particular resources and specific user settings is achieved.Finally, based on theoretical studies, for the specific requirements of Digital Campus construction of Chongqing University, a specific identity authentication model is designed, including the design of LDAP directory and the modification of authentication interface and of the application systems. The flexibility and scalability are verified in practical items and the test data which can prove the running stability of this system are obtained. |
PDF Full Text Request