
Design And Implementation Of General Authentication And Authorization Service

Posted on: 2012-07-23
Degree: Master
Type: Thesis
Country: China
Candidate: Z W Zhu
Full Text: PDF
GTID: 2218330338953107
Subject: Software engineering

Abstract/Summary:
Computer networks have brought great changes to the world economy and to people's lives, letting people share and obtain information resources effectively through the network. Identity authentication and authorization management have therefore become increasingly important, as they are crucial parts of network application security. However, industries have introduced a variety of application systems at different times to meet their business needs, each with its own separate user database and its own authentication and authorization system. The coexistence of multiple, mutually independent application systems causes confusion in user authentication and authorization management.

The general authentication and authorization service is designed to provide identity and permission management for users and applications. It provides a mapping between user identities and permissions, together with mechanisms for authentication, authorization and access control that are related to the practical processing mode and independent of the management of any specific application system.

This paper first introduces the basic concepts of PMI (Privilege Management Infrastructure), PKI (Public Key Infrastructure) and LDAP (Lightweight Directory Access Protocol), analyzes the services based on PKI, and describes the basic models of PMI and LDAP. Secondly, the paper describes the five modules of the general authentication and authorization service (the authentication module, the attribute certification module, the authorization management module, the LDAP storage module and the application programming interface), and then designs and implements the modules in detail.

The system contains two key processes: access control and permission assignment. When a user accesses a target resource, the system gets the user's roles from the user's attribute certification and determines whether the user has access to the target resource according to the permissions of those roles. When assigning permissions, the system creates the user, resource and role information, sets permissions for roles and sets roles for users. The system assigns roles to users according to their responsibilities and stores the permission information in the attribute certification.

Finally, the paper summarizes the main content of this article and the prospects for future work.
Keywords/Search Tags:Attribute Certification, LDAP, Authentication, Access Control, Permission Assignment