A Unified Authentication Platform Supporting Multiple Authentication Modes Based On SOA

In the web services environment, authentication methods of different system in the aspect of mechanism and achievement varies because of its dynamic, open, heterogeneous and distributed. In order to exchange information among different systems, the problem of implementing unified integration of the authentication mechanism in heterogeneous systems must be solved. Designing unified authentication platform to integrate heterogeneous authentication systems is the key to solve the problems of cross-domain authentication and delegation.Based on design of the existing SOA, web service security specification and typical authentication techniques, a mechanism of integrating multiple authentication methods for web service-oriented environment is proposed, and the problems of cross-domain authentication and delegation are solved by the pseudonym signature. By doing this , the safety of the users'identity information in the course of cross-domain information interaction is effectively enhanced. Works are as follows:1. A SOA-based architecture of unified authentication platform to integrate multiple authentication methods and safety services is designed. On the basis of the requirement analysis and integration of safety services functions, an ESB-based unified authentication model is proposed. The unified managing, authenticating and authorizing services are designed by the SOA service-designed methods. Then, a multi-authentication protocol which supports multiple authenticating methods such as the authentication based on passwords, the authentication based on biology and the authentication based on certificate is designed. It meets the general integrated demand of multiple authentication methods and services in the web services environment.2. A cross-domain authentication mechanism and a delegation mechanism are proposed based on pseudonym signature. To satisfy the requirement of cross-domain authentication and delegation, a cross-domain authentication protocol based on pseudonym signature is designed by integrating the efficiency of the identity-based signature and the privacy protected of pseudonym techniques. Then, a mechanism of cross-web services delegation is designed by combining pseudonym signature and proxy signature. The mechanisms can meet the application demand of extensibility and across-platform, and possess the advantages of the simplicity, efficiency and the privacy protected.3. The unified authentication platform based on SOA is implemented by .NET in the environment of Microsoft Visual Studio 2005, and is also tested to validate it.