LDAP的研究及其在统一身份认证系统中的应用

统一身份认证服务系统的功能是建立一个能够服务于所有应用系统的统一的身份认证系统,采用唯一的用户信息数据库系统对用户信息统一进行管理,每个应用系统都通过该认证系统来进行用户的身份认证,而不再需要开发各自独立的用户认证模块,用户只需一次登录就可以访问网络中各应用系统相应权限内的资源。各应用系统通过LDAP将用户或组织的信息以层次结构,面向对象的数据库的方式加以收集和管理。介绍了LDAP协议及其四种基本模型,阐述了统一身份认证思想,并设计了基于LDAP协议的统一身份认证系统。     

基于Web Services的统一身份认证系统研究与实现

针对网络应用系统遇到的用户身份管理安全性与用户操作方便性问题,提出一种基于Web Services与RBAC等相关技术的统一身份认证方案．该方案解决多个异构系统的统一身份认证与授权问题。同时,对系统安全性问题进行研究、分析,并使用SSL和XML安全协议解决常见的网络安全问题,确保系统运行安全。     

基于SOA的统一身份认证服务技术研究与实现

本文以面向服务的思想为出发点,借鉴Kerberos认证协议的用户认证方式,提出了一种基于SOA的统一身份认证架构,讨论了该系统的架构设计、架构依赖的技术基础、架构的组成要素及逻辑关系以及架构的功能特性分析,并基于SOA的统一身份认证系统实现了用户管理、身份认证、分级权限管理和单点登录等功能,对于提高信息系统使用的便捷性和安全管理能力具有实际意义。     

基于证书的多域多系统身份认证设计与实现

在工程仿真环境中,管理员需要对不同域和系统中的用户管理及身份认证方式进行统一,提高身份认证的安全性、可靠性.提出使用数字证书作为认证方式,设计并实现了基于数字证书的多域多系统下的统一身份认证.应用结果表明,用户使用存储于USBKey中的同一张数字证书就可以本地或远程访问不同域和环境中的资源.因此,不仅管理员可以对不同环境下的账户进行统一管理,而且增强了用户使用的易用性和身份认证的安全性.     

基于WebSphere Portal的单点登录解决方案

随着信息化的发展,企业信息系统数量不断增加。由于每个系统都有独立的身份认证系统,用户进入系统时需要在不同业务系统分别登录认证,给应用系统的推广使用造成不便。山西烟草基于WebSphere Portal开发了单点登录系统,与人力资源系统、行业CA认证系统和各业务系统进行对接,实现了人员的统一管理、统一认证,并统一了各业务系统产生的待办。虽然由于两方面原因导致统一权限目前只到应用系统级,但是相信随着信息技术的发展,一定能找到最终解决方案。     

基于ESB的统一身份认证系统设计与实现

异构的信息系统由于具有各自独立的身份认证和用户管理模块，存在着用户身份不一致、信息重复，应用系统无法整合、安全性差等问题。为此提出了一种基于统一的数据交换标准和接口标准，将不同的用户管理模块和认证模块进行集成的方法，设计了系统模型、交互流程和认证协议，实现了基于企业服务总线(ESB)的统一身份认证系统。实验结果表明，系统能有效地避免身份认证逻辑的重复和数据的冗余，提高认证的效率和系统资源的利用率。     

校园网统一身份认证设计及实现

校园网是一个业务繁杂,用户使用频率高,控制权限划分非常严格的信息数字化平台,数字证书和LDAP协议的使用为校园网各系统实现统一身份认证提供有效的技术保障,为用户登录提供了便利,同时增强了系统的安全性。     

基于Web统一身份认证服务的实现方案

描述了一种实现统一身份认证的方法，解决了同一用户登录不同Web应用系统需要进行多次独立身份认证问题。Web代理采用浏览器插件方式，截获用户第1次登录某个Web应用时的post数据，并将其存入数据库，用户在以后登录这个Web应用系统时自动提取数据库中post数据，省去了用户手动进行身份认证的过程，实现了统一身份认证。     

校园网络单点登录系统应用研究

提出了一种基于Active Directory和kenberos协议的单点登录系统。校园网络规模不断扩大,各种基于校园网络的应用系统也越来越多,而每个应用系统都有自己独立的用户验证系统,这给校园网络统一管理和用户使用带来不便,也就提出了用户对校园网络统一身份认证的要求。在研究了校园网络单点登录和用户统一管理的需求,设计了一个安全、可靠、高效的适用于校园网络内的的安全认证架构,进行用户的统一授权管理。     

SS认证系统在数字园区中的服务模式研究

为解决不同的网络应用系统用户名和口令不统一的问题,对数字园区使用统一登录接口、统一身份认证系统,对用户的身份进行集中统一管理进行了研究。该技术保证了用户电子身份的唯一性,提高了数字园区应用系统的安全性。     

基于UIA技术的软件自动化测试框架实践

介绍了微软的UIA技术，基于UIA开发的一套图形界面软件自动化测试框架，对其关键实现环节做了分析和说明。     

基于轻量目录访问协议和SOAP的统一认证框架设计

首先分析现有的统一认证系统的特点并指出其在应用集成上存在的不足,由此提出一个基于轻量目录访问协议和SOAP的统一认证实现框架,利用目录技术实现了对网络用户和网络应用的统一管理,利用SOAP将认证服务封装为一个Web服务,提供对Web Service实现框架的支持,使网络管理更加简单有效.     

MAPBOT: a Web based map information retrieval system

Many types of information are geographically referenced and interactive maps provide a natural user interface to such data. However, map presentation in geographical information systems and on the Web is closed related to traditional cartography and provides a very limited interactive experience. In this paper, we present MAPBOT, an interactive Web based map information retrieval system in which Web users can easily and efficiently search geographical information with the assistance of a user interface agent (UIA). Each kind of map feature such as a building or a motorway works as an agent called a Maplet. Each Maplet has a user interface level to assist the user to find information of interest and a graphic display level that controls the presence and the appearance of the feature on the map. The semantic relationships of Maplets are defined in an Ontology Repository provided by the system which is used by the UIA to assist a user to semantically and efficiently search map information interested. An Ontology Editor with a graphic user interface has been implemented to update the Ontology Repository. Visualization on the client is based on Scalable Vector Graphics which provides a high quality Web map.     

PROPOSITIONAL DYNAMIC LOGIC FOR REASONING ABOUT FIRST‐CLASS AGENT INTERACTION PROTOCOLS

For agents to fulfill their potential of being intelligent and adaptive, it is useful to model their interaction protocols as executable entities that can be referenced, inspected, composed, shared, and invoked between agents, all at runtime. We use the term first‐class protocol to refer to such protocols. Rather than having hard‐coded decision‐making mechanisms for choosing their next move, agents can inspect the protocol specification at runtime to do so, increasing their flexibility. In this article, we show that propositional dynamic logic (PDL) can be used to represent and reason about the outcomes of first‐class protocols. We define a proof system for PDL that permits reasoning about recursively defined protocols. The proof system is divided into two parts: one for reasoning about terminating protocols, and one for reasoning about nonterminating protocols. We prove that proofs about terminating protocols can be automated, while proofs about nonterminating protocols are unable to be automated in some cases. We prove that, for a restricted class of nonterminating protocols, proofs about them can be transformed to proofs about terminating protocols, making them automatable.     

网络中基于单向函数密钥链的广播认证协议

无线传感器网络中的广播认证技术能够保护广播报文不被恶意篡改或伪造,对于战场侦察、森林火险监测等应用具有重要的意义。现有的广播认证协议中基于单向函数密钥链的协议以较高的认证效率得到了研究工作者的普遍认可,对现有的这些认证协议进行了介绍和分析,并提出了可能的进一步研究方向。     

Retrospective vs. concurrent think-aloud protocols: testing the usability of an online library catalogue

Think-aloud protocols are a dominant method in usability testing. There is, however, only little empirical evidence on the actual validity of the method. This paper describes an experiment that compares concurrent and retrospective think-aloud protocols for a usability test of an online library catalogue. There were three points of comparison: usability problems detected, overall task performance, and participant experiences. Results show that concurrent and retrospective think-aloud protocols reveal comparable sets of usability problems, but that these problems come to light in different ways. In retrospective think-aloud protocols, more problems were detected by means of verbalisation, while in concurrent think-aloud protocols, more problems were detected by means of observation. Moreover, in the concurrent think-aloud protocols, the requirement to think aloud while working had a negative effect on the task performance. This raises questions about the reactivity of concurrent think-aloud protocols, especially in the case of high task complexity.     

Retrospective vs. concurrent think-aloud protocols: Testing the usability of an online library catalogue

Think-aloud protocols are a dominant method in usability testing. There is, however, only little empirical evidence on the actual validity of the method. This paper describes an experiment that compares concurrent and retrospective think-aloud protocols for a usability test of an online library catalogue. There were three points of comparison: usability problems detected, overall task performance, and participant experiences. Results show that concurrent and retrospective think-aloud protocols reveal comparable sets of usability problems, but that these problems come to light in different ways. In retrospective think-aloud protocols, more problems were detected by means of verbalisation, while in concurrent think-aloud protocols, more problems were detected by means of observation. Moreover, in the concurrent think-aloud protocols, the requirement to think aloud while working had a negative effect on the task performance. This raises questions about the reactivity of concurrent think-aloud protocols, especially in the case of high task complexity.     

非交互式可否认认证协议的研究

为满足在电子商务和电子政务等领域中的应用要求,深入分析和研究了非交互式可否认认证协议的理论和相关应用.根据不同的应用环境,将可否认认证协议分为交互式和非交互式两类,并分析了这两种类别协议的通信轮数的开销,指出在电子投票和电子邮件协商等应用中需要非交互式的可否认认证这一结论.最后,在对几个典型的非交互式可否认认证协议分析的基础上,指出现有的成果不能满足应用的需要,探讨了在非交互式可否认认证领域的研究方向.     

无线传感器网络中的广播认证协议

在总结广播认证协议理想属性的基础上,对现有基于数字签名技术和对称加密技术的广播认证协议优缺点进行了分析讨论,并指出其对无线传感器网络广播认证协议设计的借鉴价值。将广播认证协议中的参数初始化和密钥更新等与密钥管理相关的问题归结为认证系统的完备性问题,并指出现有技术方案在解决该问题时存在的缺陷。初步探讨了无线传感器网络广播认证协议分级安全功能支持的意义,并给出了相应的方案设计思路。     

Toward A Formalism for Conversation Protocols Using Joint Intention Theory

Conversation protocols are used to achieve certain goals or to bring about certain states in the world. Therefore, one may identify the landmarks or the states that must be brought about during the goal–directed execution of a protocol. Accordingly, the landmarks, characterized by propositions that are true in the state represented by that landmark, are the most important aspect of a protocol. Families of conversation protocols can be expressed formally as partially ordered landmarks after the landmarks necessary to achieve a goal have been identified. Concrete protocols represented as joint action expressions can, then, be derived from the partially ordered landmarks and executed directly by joint intention interpreters. This approach of applying Joint Intention theory to protocols also supports flexibility in the actions used to get to landmarks, shortcutting protocol execution, automatic exception handling, and correctness criterion for protocols and protocol compositions.