
Design And Implementation Of Enterprise User Authentication And Authorization Centralized Managed Platform Based On SAML2.0

Posted on: 2015-08-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y W Guo
GTID: 2298330422481585
Subject: Computer technology
Abstract/Summary:
How to protect information assets is a major concern for enterprises and software providers. From the management perspective, information assets can be managed according to "ISO/IEC 27001:2005 -- Information security management systems -- Requirements". From the technical perspective, data of different security levels must be protected with methods of different strength. This thesis mainly discusses the protection of user authentication and authorization data.

The platform consists of an authentication service, an authorization service and a management console service. The authentication service provides user login and logout functions and SAML 2.0 functions. The authorization service provides web services that evaluate a user's authorities, forbidden URLs and the authority to log in to an application. The management console manages the data of personal information, organizations, applications, authorities, roles and policy files.

The data with the highest security level is the password, which we hash with the scrypt algorithm. By choosing suitable salt length, CPU cost, memory cost and parallelization parameters, each execution is made to take about 200 milliseconds on average, which raises the attacker's cost and prevents automated attacks such as brute-force attacks. The next security level is authorization data, which only needs to be secured at the transport level by TLS.

The authentication service is based on shibboleth-idp; Java service providers can integrate through Spring Security SAML to support SAML, and other languages can use shibboleth-sp. The authorization service uses Balana to evaluate XACML 3.0 policy files. The management console is a SAML service provider developed with currently popular techniques: Spring MVC, MyBatis and jQuery. These Java EE services must be deployed in a Servlet container.

Using this platform, service providers cannot access user data directly and only call platform services to meet their needs. A service therefore only needs to manage its own business data and protect it with appropriate methods. This reduces their security duties and security management cost, improves the enterprise's level of data protection, and reduces the risk of leaking key data.
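As an added example that is not part of the thesis (its services are Java EE; this is standard-library Python written for this page), the scrypt password storage scheme described above: a salted record that carries its own N, r and p, a constant-time verifier, and a calibration routine that doubles the CPU cost N until one hash takes about the 200 ms target on the host. The function names, the record format and the 256 MiB memory limit are my own choices, not the platform's.

```python
import base64
import hashlib
import hmac
import os
import time
from typing import Optional

SALT_LEN = 16   # random salt bytes stored beside each hash (the "salt length" parameter)
DKLEN = 32      # derived key length in bytes
MAXMEM = 256 * 1024 * 1024  # scrypt needs 128*r*N bytes; lift OpenSSL's 32 MiB default


def hash_password(password: str, n: int, r: int = 8, p: int = 1,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record "$scrypt$N$r$p$salt$hash" (salt and hash base64)."""
    if n < 2 or n & (n - 1):
        raise ValueError("N must be a power of two >= 2")
    salt = os.urandom(SALT_LEN) if salt is None else salt
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                        maxmem=MAXMEM, dklen=DKLEN)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"$scrypt${n}${r}${p}${b64(salt)}${b64(dk)}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record and compare in constant time."""
    try:
        _, scheme, n, r, p, salt_b64, dk_b64 = record.split("$")
        if scheme != "scrypt":
            return False
        n, r, p = int(n), int(r), int(p)
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    except ValueError:          # malformed record (binascii.Error is a ValueError)
        return False
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                        maxmem=MAXMEM, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def calibrate_n(target_ms: float = 200.0, r: int = 8, p: int = 1,
                max_log2_n: int = 17) -> int:
    """Double N from 2**10 until one hash takes at least target_ms on this host."""
    n = 2 ** 10
    while True:
        t0 = time.perf_counter()
        hash_password("calibration-only", n, r, p)
        if (time.perf_counter() - t0) * 1000 >= target_ms or n >= 2 ** max_log2_n:
            return n
        n *= 2
```

Because the record stores N, r and p, a deployment can raise the calibrated cost later and re-hash each user's password at their next successful login without invalidating existing records.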
Keywords/Search Tags: Authentication and Authorization Centralized Management Platform, SAML2.0, XACML3.0