| With the increasing popularity of information technology (IT), as well as the growth in geometrical manners thanks to the gradual acceleration of China space in the construction, IT is becoming the essential tool in supporting the production of various industries including energy, telecommunications, finance, transport, industry, agriculture and service sectors. Concerning this, the State Grid Corporation of China (SGCC) has invested vigorously in the construction of information technology during the "Eleventh Five-Year". However, as the construction process develops, it is now apparent that business units of the corporation require business systems that are highly monotonous and non-reusable, wasting a large proportion of management costs. It becomes increasingly important for IT personnel to figure out ways to create value for business units by saving labor costs, improving management efficiency, and strengthening the unity of management and control of various business systems and reducing the cost of operation and maintenance of information systems, as well as providing basic services based on unified identities, single-point logon and identity management for various applications via the integration of various business systems and data sources, without affecting the diversity of current functions that support diversified business applications. The major target of this research is to build a unified authentication system within SGCC to provide integrated support and administration of business application systems across different platforms and databases.This research fully investigates the current situation of SGCC departments (business units) and application systems and, with due concern of integration, security, stability and sophistication principles, provides the design framework of a unified authentication system based on LDAP (Lightweight Directory Access Protocol) that integrates the management of user information under organizational levels of each business units, as well as basic user data for the business applications. Each application may withdraw its own user system, and adopt the directory data source of the unified authentication system as its user database. The same user can log on several business application systems at a single point with different permissions in each system via reverse proxy and unified authentication technologies. Data can be copied and synchronized across different data sources, and have property changes been applied during the process, via identity management services to enhance data channel security. The unified identity management tools are designed on J2EE architecture to realize the management of organizational structures, user information, applications and authorizations of directory data sources. Concerning the fast development and frequent updates of SGCC information systems, plus the multiplicity and instability of business requirements, as well as the possibility of single point failures caused by the features of unified authentication systems, each subsystemis devised in a relatively independent manner to ensure the stability of the system and enhance the simplicity in updating and integration. The unified authentication system will provide powerful support for SGCC in its plan to build the world’s largest group enterprise information system and, as the system improves, it will play an important role in the construction of large-scale, multi-platform IT systems. |
PDF Full Text Request