
Research On Key Technologies Of Authentication In SOA Environment

Posted on: 2013-02-16, Degree: Master, Type: Thesis
Country: China, Candidate: X Wang, Full Text: PDF
GTID: 2248330395980565, Subject: Military communications science
Abstract/Summary:
Service-oriented architecture (SOA) provides an effective way to achieve interoperability among distributed and heterogeneous software systems, but the distributed identity management, dynamic business collaboration, and open nature of Web services in an SOA environment also bring many new challenges for authentication. Therefore, how to implement dynamic and flexible authentication in an SOA environment is a critical issue for ensuring that resource usage and business collaboration remain under control.

The thesis analyzes the requirements of authentication in a typical SOA environment, explores the key technologies of authentication in depth, and designs an authentication framework for the SOA environment. To support the authentication framework effectively, we propose a novel single sign-on protocol for cross-domain authentication and a web service authentication protocol based on identity-based cryptography. The main work is as follows:

1. The thesis proposes an authentication framework that combines distributed identity management, single sign-on, and web service authentication, addressing the lack of an authentication framework for the SOA environment. The framework satisfies the requirements of distributed identity management in an SOA multi-domain environment, achieves the goal of single sign-on, and combines identity authentication at the application layer with web service authentication at the service layer.

2. The thesis designs a single sign-on protocol for cross-domain authentication based on multi-domain federation. Focusing on the requirement for single sign-on in multi-domain dynamic collaboration in the SOA environment, the thesis proposes a single sign-on protocol by improving on the Kerberos protocol based on symmetric cryptography; the protocol can establish cross-domain authentication relationships dynamically and reduces the burden of key management. By introducing the role-based access control model into the authorization phase of the protocol, the thesis proposes a new authorization scheme that uses a proxy signature algorithm to allow a user to select his own role during a session.

3. The thesis designs a web service authentication protocol based on identity-based cryptography to improve the efficiency of transporting user identification tickets in a secure manner. It introduces the identity-based aggregate signature to secure identification ticket transport and presents an Identity-Based Aggregate SAML Path Verification (IBSPV) protocol, which greatly improves transport efficiency and reduces the burden of key management. To ensure that SOAP messages are transported reliably, the thesis also proposes a web service session authentication protocol based on a security context to improve the efficiency of SOAP message authentication.

4. We design an authentication system called GAMS, which combines distributed identity management, single sign-on, and web service authentication. We also measure the performance of web service authentication based on the Rampart module and analyze the factor that causes the performance decline. Based on this conclusion, we analyze the response time of web services based on the IBSPV protocol; the result shows that the IBSPV protocol can improve the speed of web service response.
Keywords/Search Tags: Authentication Protocol, Identity Management, Single Sign-on, Web Service Security, Proxy Signature, Identity-Based Aggregate Signature