Research And Design Of Key Technology In Unified Identity Authentication System Of YBC Service Support Platform

With the vigorous and rapid development of the information technology, theInternet and the business systems of business organization, more and more businesssystems and Websites have emerged, such as OA, forums, ERP and so on. Meanwhile,a variety of support systems and the number of users is increasing, and the networksize is expanding rapidly. Due to the needs of the technology, the user must registerhis personal information in each database of the system and become a registered user.Only in this way, can the system provide users with better personalized services.However, it will bring the following questions.Firstly, it is very cumbersome toconfigure the account password, because it needs to do it on each network device,host system or application system, these passwords have the risk of being tapped,stolen and abused. This raises a series of problems such as security threat，low-efficiency and access control strategy shortage.Therefore it is necessary to build aunified identity authentication and authorization system.In the Youth Business International Plan of China (YBC), a project whichcontains the financial system, OA, project card systems, publicity room systems,human resources systems and so on, the issues of authorization are more complicated.Because all data has strong confidentiality, and it needs high confidentiality andsecurity, the issues of authorization are related to the success of the project. Thisarticle which has repeated demonstration and testing is based on the fullunderstanding of various business systems of the platform. It has successfullydeveloped and building an enterprise business unified authentication system. It hasdrawn on the authentication protocol of Kerberos, and it has learned it’scharacteristics of the trusted third-party authentication, centralized management ofusers’ identities and the encryption of messages. So that it has built a single sign-on model whose carrier is Cookie and which applies to Web. Simultaneously, it hasstudied the model of the role-based access and control and expanded them in themechanisms of resources and authorizations. And it has also used the LightweightDirectory Access Protocol–LDAP to access the achievement. Finally, based on theabove two points it has constructed the unified identity authorization system of YBC.