| SOA is the most important supporting technology for the construction offoundational software and large scale information system, which enables enterprises tointegrate their business providing to customers and partners. So it enhances businessagility. Due to the change of architecture, tradition security mechanism can not fulfillSOA-based applications’ security requirements. So it is the high time we design asecurity model that fulfills SOA-based applications’ security requirement but not hurtsSOA’s loose coupling and high scalability features.This paper comes from The National Defense Pre-Research Foundation ofChina.In the service oriented computing environment, Identity Authentication plays avery important role in the security needs. Based on SOA features and advantages、 SOAbasic theory and the thorough study of a variety of security specifications, according tothe need of the information systems to change to service oriented architecture, this paperdealt mainly with the Identity Authentication problem in the SOA environment. AnIdentity Authentication model which focus on problems such as inter-domain trust andcross-domain interoperate is proposed in this paper. It adopted the certificate translationmechanism,therefore, Identity Authentication can be done between trust domains withdifferent security mechanisms。In the current distributed network environment, Kerberos is the most widely usedidentity authentication protocol. It is a trusted third party based protocol, which used thesymmetric key encryption algorithm DES to implement the authentication service of theKDC. This paper dealt with the Kerberos protocol, and based which we built a safe、efficient and practical model of identity authentication. The overall design of thismodel、authentication process and the detail design of each functional module of thesystem have also analyzed in the paper. The identity authentication system eventuallypublished as a Web service on the network, to provide users with the appropriateinterfaces to complete the authentication. Finally, the test of this system is given in thispaper. |
PDF Full Text Request