Network activities of all kinds, including the registration, login, authentication and cancellation of a user's identity, rely on a variety of identity management systems and platforms, collectively called IDM (identity management) systems. An IDM system is network-based and supported by a series of technologies; it controls users' access to application systems and the relationship between application systems and user identities. IDM covers user management, authentication, authorization and access control, and IDM systems are among the most important infrastructure for network activities. Among IDM technologies, role-based access control (RBAC) is the core of access control, but the traditional RBAC model still has some shortcomings, and the model needs to be improved to suit today's business and internal management environment. At the same time, the gradually maturing SAML and XACML standards can give IDM further support. The main work of this article is as follows:

1. The article first analyzes the background and research status of identity management, summarizes the IDM solutions of Oracle and IBM Tivoli, and then analyzes identity management solutions based on the SAML, XACML, Liberty and other standards.
2. Following a study of access control in identity management, the article refines the role-based access control (RBAC) model into an intelligent multi-layer RBAC model (SML-RBAC), which resolves the following issues: first, the model gives a detailed role-division plan, which makes enterprise role management more convenient; second, it puts forward a new authentication method to improve security; third, it gives an effective permission-management solution that prevents the permissions of roles on the top layer from being excessively amplified.
3. The article then realizes an improved SML-RBAC model based on the SAML and XACML standards.
4. The article then designs a specific identity management platform, whose functions include account registration for new users, account association and revocation for users, single sign-on and single logout, and management of authorization policies. It designs the overall framework of the identity management system and describes the system's main functional blocks and the specific charts. Finally, the article gives the deployment scenarios of the identity management platform, the functional verification and the performance analysis of the system.

At the end of this article, the author draws a conclusion and gives an outlook.
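As an added illustration (not code from the thesis) of the permission-amplification problem named in item 2, the following Python sketch shows how a top-layer role in a hierarchical RBAC model accumulates every permission beneath it, next to one illustrative mitigation. The role hierarchy, permission names and the non-inheritable rule are constructed assumptions, not the SML-RBAC model itself.

```python
# Constructed sample hierarchy (RBAC1 style): role -> roles it inherits from.
INHERITS: dict[str, list[str]] = {
    "cio": ["it_manager", "finance_manager"],
    "it_manager": ["sysadmin", "helpdesk"],
    "finance_manager": ["accountant"],
    "sysadmin": ["helpdesk"],
    "helpdesk": [],
    "accountant": [],
}

# Constructed direct permission assignments per role.
DIRECT: dict[str, set[str]] = {
    "cio": {"approve_budget"},
    "it_manager": {"manage_users"},
    "finance_manager": {"close_books"},
    "sysadmin": {"root_shell", "rotate_keys"},
    "helpdesk": {"reset_password", "read_tickets"},
    "accountant": {"post_journal", "read_ledger"},
}

# Illustrative mitigation (an assumption here, not the thesis's SML-RBAC rule):
# permissions marked non-inheritable stay with the role holding them directly.
NON_INHERITABLE: set[str] = {"root_shell", "rotate_keys", "post_journal"}


def effective_permissions(role: str, bounded: bool = False) -> set[str]:
    """Direct permissions plus everything reachable through inheritance.

    With bounded=True, NON_INHERITABLE permissions are only counted where
    assigned directly, so they do not accumulate at the top layer.
    """
    perms = set(DIRECT.get(role, set()))
    seen = {role}
    stack = list(INHERITS.get(role, []))
    while stack:  # depth-first walk up the inheritance graph
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        inherited = DIRECT.get(r, set())
        perms |= (inherited - NON_INHERITABLE) if bounded else inherited
        stack.extend(INHERITS.get(r, []))
    return perms


def amplification(role: str, bounded: bool = False) -> int:
    """Permissions gained through inheritance alone; a large value at the
    top layer is the excessive amplification the abstract refers to."""
    return len(effective_permissions(role, bounded)) - len(DIRECT.get(role, set()))
```

In the plain model the `cio` role inherits `root_shell` from two layers down; with the non-inheritable rule it keeps management permissions but not operational ones.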