The Research Of Authentication And Authorization In Digital Campus Based On OpenID And OAuth

With the construction and development of the digital campus, a variety of networkapplications has become the important foundation for all aspects of assisted universityresearch, the management of work and teaching. As the growing number of networkapplications,to improve the usability of application systems, there is more demand ofuser and resource among the systems, since a lot disadvantage in the existing unifiedauthentication and authorization technology just like user management difficulty, lackof standards of data exchange between applications and they can not meet the securityauthentication of heterogeneous systems integration and data access authorizationrequirements anymore. The authentication mechanism of user-centered which supportscross-domain as well as secure data authorized access has become the inevitabledemand to promote the further development of the digital campus.This paper proposes a new decentralized authentication and authorization modelwith depth study of the existing authentication and access control technology. TheDAAM provides a common set of solutions for authentication and authorizationmechanisms of heterogeneous application systems of the digital campus, breaking downthe barriers exist in the data integration among different applications, eliminating the"Information Island" problems. The main work and contribution of this paper includes:(1) We describe the principal of authentication and authorization technology,propose DAAM, the design ideas, design objectives of DAAM, the basic framework ofthe DAAM and functional description. We study the decentralized authentication, thecertified integration of heterogeneous systems with the user identity transitionmechanism, token-based data access mechanism for data access authorization of theDAAM, analysis the security of DAAM with the digital campus environment finally.(2) We implement the frame of DAAM based on the open-source framework ofOpenID and OAuth, by extending the token payment agreement, to achieve theintegration of user unified authentication and secure data access, achieve framework ofoverall DAAM through authentication, data transmission and other components.(3) We give the design of a digital campus environment based on DAAM achievedecentralized authentication and authorization solutions, implement DAAM in GraduateSchool of Information Systems campus, give the valadition of DAAM.In summary, the proposed decentralized authentication and authorization model fordigital campus construction has some theoretical significance and practical value.