Design And Implementation Of Kerberos Based Authentication System Of Web Application

Posted on: 2015-09-27
Degree: Master
Type: Thesis
Country: China
Candidate: C X Qi
Full Text: PDF
GTID: 2298330452453572
Subject: Software engineering

Abstract/Summary:
In recent years, with the continuous development of informatization, enterprises have come to realize the importance of information security and have gained a deeper understanding of their information systems. Security is therefore one of the important goals of informatization and a key performance indicator of whether informatization is successful. Security in informatization construction is a broad subject with rich content, ranging from high-level applications to low-level infrastructure such as network communication. In general, an enterprise informatization system contains various applications, each focusing on specific business requirements. How to implement single sign-on among so many applications, to increase usability and security, becomes a key problem that enterprise informatization must solve.

The research in this paper provides a stable solution to this problem. It is based on Kerberos, an open standard network authentication protocol. Kerberos originated as an internal project at MIT and provides a complete authentication model and API built upon the network. It has been proven in enterprise applications over the past years. Kerberos is solid because it ensures that the password is never passed over the network during authentication, and the communication between peers is well encrypted.

By analyzing online applications in depth and studying the related specifications, the author summarizes three authentication models used in Web applications and then builds a complete authentication solution based on Kerberos. The solution focuses in particular on the design and implementation of the authentication process between user and application, and between peer hosts. Open source technologies are used to implement the solution; for example, the Kerberos implementation developed by MIT is chosen. Each component of the solution can be replaced with another that has the same capabilities, to ensure flexibility and scalability.

The results of this research have been applied to various applications in a real enterprise informatization environment, and work better in the following aspects. First, users can log in to applications easily and conveniently with only one identity credential. Second, the cost of maintaining a massive number of identity credentials is reduced. Third, the security risk of maintaining such a huge number of identity credentials is reduced. Finally, the centralized management of identity credentials introduced by Kerberos allows developers to implement single sign-on as basic infrastructure, bringing great flexibility and scalability.
Keywords/Search Tags: Django, SPNEGO, Kerberos, HTTP, Open Source