| PKI/PMI支持多模式应用的单点登录方案 |
| |
| 引用本文: | 李小标,温巧燕,代战锋.PKI/PMI支持多模式应用的单点登录方案[J].北京邮电大学学报,2009,32(3):104-108. |
| |
| 作者姓名: | 李小标 温巧燕 代战锋 |
| |
| 作者单位: | 北京邮电大学,网络与交换技术国家重点实验室,北京,100876;北京邮电大学,网络与交换技术国家重点实验室,北京,100876;北京邮电大学,网络与交换技术国家重点实验室,北京,100876 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划),国家自然科学基金重大项目,北京市自然科学基金 |
| |
| 摘 要: | 提出了支持C/S和B/S应用的SSO单点登录方案。认证和授权基于PKI和PMI,服务端以中间件的方式实现认证、鉴权、审计功能,引进了SAML交换认证和鉴权信息;客户端则采用安全Cookie、共享内存与ticket技术实现多模式跨域的SSO解决方案。该方案具有更高的安全性,更为全面的解决多模式的单点登录问题,因而具有广泛的应用前景。
|
| 关 键 词: | 单点登录 多模式应用 跨域认证 |
| 收稿时间: | 2008-11-13 |
| 修稿时间: | 2009-1-31 |
A Supporting Multi-Mode Application Single Sign-On Scheme Based on PKI/PMI |
| |
| LI Xiao-biao,WEN Qiao-yan,DAI Zhan-feng.A Supporting Multi-Mode Application Single Sign-On Scheme Based on PKI/PMI[J].Journal of Beijing University of Posts and Telecommunications,2009,32(3):104-108. |
| |
| Authors: | LI Xiao-biao WEN Qiao-yan DAI Zhan-feng |
| |
| Affiliation: | LI Xiao-biao,WEN Qiao-yan,DAI Zhan-feng (State Key Laboratory of Networking , Switching Technology,Beijing University of Posts , Telecommunications,Beijing 100876,China) |
| |
| Abstract: | A single sign-on scheme is proposed supporting C/S applications and B/S applications. Authentication and authorization based on the PKI and PMI, the service is implemented by means of middleware to achieve the functions of authentication, authorization and auditing, and SAML to support the exchange of the authentication and authorization information; secure Cookies, shared memory and the technique of tickets are used in the client to achieve the multi-mode and cross-domain SSO solution. The scheme has a higher security, more comprehensive solution to the multi-mode SSO and therefore has a broad prospect. |
| |
| Keywords: | single sign-on(SSO) multi-mode application cross-domain authentication |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《北京邮电大学学报》浏览原始摘要信息 |
|
点击此处可从《北京邮电大学学报》下载全文 |
|
