
The Design And Implementation Of Cross-domain Authentication And Authorization System

Posted on: 2015-02-25
Degree: Master
Type: Thesis
Country: China
Candidate: H Liu
Full Text: PDF
GTID: 2308330464968615
Subject: Computer software and theory
Abstract/Summary:
Service-oriented architecture has become an important foundation for publishing and accessing widely used network services. The rapid development of information technology has led to more and more interoperability requirements between trust domains, and in a multi-trust-domain environment, protecting the security of services is particularly important. The study of cross-domain security authentication and authorization in an SOA environment is therefore an urgent problem.

This paper starts from an analysis of the traditional SAML-based single sign-on model, proposes an improved single sign-on model, and then uses that model to design a cross-domain authentication system. Cross-domain authentication builds on in-domain identity authentication: a user must first authenticate successfully in their own domain to obtain an authentication token, and then use that token for cross-domain login. First, this paper designs and implements the core of in-domain identity authentication, a mutual authentication protocol in which the client and server authenticate each other's identity, to ensure the security of the authentication process. It then designs the format of the authentication token and implements authentication token generation and the token's capabilities. Finally, it designs the SAML token-based cross-domain authentication service, which is responsible for login of outside-domain users with a token, maintenance of the list of online outside-domain users, token storage, outside-domain user logoff, and so on.

After that, this paper explains the problems that must be addressed, on the basis of the in-domain distributed authorization system, to achieve cross-domain logon: trust management and attribute mapping. It then designs and implements these two modules. The cross-domain trust management center provides security for the cross-domain authorization system: it designs a trust model and provides confidence value calculation and trust model adjustment functions. The attribute mapping service mainly defines a set of attribute mapping rules and, by automatically analyzing those rules, maps in-domain user attributes to outside-domain attributes so that authorization works normally.

Finally, this paper tests the designed and implemented mechanisms and proves the correctness and security of each functional point designed.
Keywords/Search Tags: SAML, mutual authentication, token, trust management, attribution