Research On Key Technologies Of Authentication Services Based On SOA

Posted on: 2014-07-16
Degree: Master
Type: Thesis
Country: China
Candidate: H R Gui
GTID: 2268330401976805
Subject: Systems Engineering
Abstract/Summary:
SOA, known for its open, flexible and reusable design, provides an effective method for building information systems and has become the mainstream architecture and development technology for software system design. However, the dynamic collaborative environment created by this open architecture also introduces new security threats and challenges when users access information systems. Authentication is an important mechanism for solving the security problems of information systems, but traditional authentication techniques generally achieve secure access only in a single aspect of a fixed process mode. They do not suit the SOA service environment, where resources are deployed in a distributed manner and collaborative relationships change dynamically.

To solve the problem above, this thesis studies in detail the requirements for SOA-based authentication technologies. It then analyses in depth unified identity management for distributed collaborative environments, cross-domain authentication in heterogeneous systems, and secure session interaction technology. On this basis the thesis proposes a SOA-based authentication services framework, designs a series of mechanisms for unified identity management and secure service interaction, and effectively achieves unified identity management and authentication for heterogeneous systems in multiple domains. The main work is as follows:

(1) The thesis proposes a framework for SOA-based authentication services. Building on research into the security characteristics and requirements of the SOA environment, it proposes the framework following a systems engineering approach and carries out a detailed study of its overall structure, internal composition and working mode. In this way, unified identity management, cross-domain authentication under dynamic collaboration, and Web services security interaction technologies can be combined. The framework meets the requirements of SOA-based authentication and lays an important foundation for the design of the authentication service.

(2) The thesis designs a mechanism for unified identity management in distributed heterogeneous environments. To meet the requirements of an SOA environment in which each domain manages its own information resources, the thesis designs a series of mechanisms for the unified identity management system that fit the authentication services framework. It unifies heterogeneous user information by introducing an LDAP-based identity directory, and studies the identity directory management mechanism under dynamic collaboration. It improves the retrieval algorithms for the directory server and directory entries to suit distributed environments, and achieves fast information queries for large numbers of distributed heterogeneous users. This series of identity management mechanisms provides SOA-based authentication services with a unified method for managing identity resources that are logically consistent but physically separate.

(3) The thesis presents ABSAP, a service session authentication protocol based on the aggregate signature algorithm. To meet the efficiency requirements of creating service session channels dynamically, ABSAP improves the efficiency of session authentication in a multi-service interactive environment, in the case of a forged third party, by the method of decomposing the main key. To meet the security requirements for transmitting service SOAP messages, it achieves interoperable security by signing and encrypting SOAP messages with a domain name-based token. The mechanism solves the problem of service interaction security in the framework at both the session level and the message level.

(4) The thesis designs and implements the key modules of the SOA-based authentication services on the basis of this theory. The implementation is loosely coupled and reusable, and meets application requirements in the SOA environment. This design validates the correctness and feasibility of the theory.
Keywords/Search Tags: SOA, authentication service, Web services security, aggregate signature