Research And Development Of Authorization Management Technology And Single Sign-on Technology In Financial Information System

With the continuous development of information technologies, problems emerge in the large application systems, such as inefficiency in authorization, can’t be able to achieve fine-grained access control. Through the research RBAC96, ARBAC97and ARBAC02, to find there deficiencies and combine with characteristics of the financial business, this thesis presents an improved RBAC model. The improved RBAC model has several characteristics:add the organization, set the fine-grained permission, expend the user concept and add the distributed authorization. The organization is divided into the resources and users, to support the fine-grained access control. Extended the administrator role, we divide the administrator role to two types:system administrator role and general administrator role. The system administrator can manage all of the organization resources; while the general administrator can only manage the resource which he has the permissions. In this way, it constructs the tree-type management relationship, which can improve the efficiency and realize the fine-grained access control. As we use the user-organization resources-role tripartite binding, we can reduce the role redundancy and improve the authorization flexibility.Meanwhile, there are many application systems in the financial information platform, which user need to record a variety of account password problem, we realize the single sign-on system based on SAML to simplify the user operation. Based on the understanding of SAML, analysis the SAML single sign-on model, we focused on strengthening the security level in SAML single sign-on transmission process, to ensure the safe communication.The thesis gives the formal definition and control policy of the improved RBAC model. We design and implementation the authorization management system in financial information platform based on the improved RBAC model. Through the selected technical implementation framework, design overall architecture of system, design the each function models and design the data model, finally we realize the authorization management system. In addition, according to the improved SAML single-sign on model and use the SAML single sign-on API which design as the components, we configure and implementation the source server and target server which needed in single-sign on system. At last, we realize the SAML single sign-on.