[1] Huang He, Shan Zhiguang, Huang Dongquan,. Scalable single sign-on system [J]. Journal of Southeast University (English Edition), 2007, 23 (3): 465-468. [doi:10.3969/j.issn.1003-7985.2007.03.034]
Copy
Scalable single sign-on system(
)
)Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]
- Volumn:
- 23
- Issue:
- 2007 3
- Page:
- 465-468
- Research Field:
- Computer Science and Engineering
- Publishing date:
- 2007-09-30
Info
- Title:
- Scalable single sign-on system
- Author(s):
- Huang He1; Shan Zhiguang2; Huang Dongquan3
-
1College of Software, Beihang University, Beijing 100083, China
2Department of Informatization Research, State Information Center, Beijing 100045, China
3Department of Foundation Courses, Xuzhou Air Force Academy,
- Keywords:
- security systems; architecture; web service; single sign-on; identity federation
- PACS:
- TP393
- DOI:
- 10.3969/j.issn.1003-7985.2007.03.034
- Abstract:
- To address the scalability and identity federation problems of the traditional single sign-on system, the proposed scheme divides the security systems into different security domains.Each security domain has its own security servers and service providers, and there are trust relationships between different security domains for identity federation.The security server is responsible for authentication and authorization inside the domain, and offers identity federation capability for different domains.The security assertion markup language(SAML)assertion is used as security token in the system for authentication, authorization, and identity federation.The design of the proposed single sign-on process is based on web service security framework and multiple security domains, and the authorization is always deployed in the local area inside the service provider’s security domain, which enables web service clients, both inside and outside their security domains, to access the services in a simple, scalable, standard and secure way.
References:
[1] Hallam-Braker P, Maler E.Assertions and protocol for the OASIS security assertion markup languages(SAML)[EB/OL].(2002-04-19)[2007-05-08].http://www.oasis-open.org/committees/security/docs.
[2] Erdos M, Cantor S.Shibboleth-architecture draft v05 [EB/OL].(2002-05-02)[2007-05-08].http://shibboleth.internet2.edu/docs/draft-internet2-shibboleth-arch-v05.pdf.
[3] Pfitzmann B, Waidner M.Analysis of liberty single-sign-on with enabled clients[J].Internet Computing, 2003, 7(6):38-44.
[4] Yu Xiulan, Chen Xiaoyan, Fang Xing et al.Web services security in data service delivery platform for telecom[C]//Proceedings of the E-Commerce Technology for Dynamic E-Business. Washington DC:IEEE Computer Society, 2004:374-377.
[5] Jeong Jongil, Shin Dongkyoo, Shin Dongil.An XML-based automated authentication profile for home network based on OSGi framework[C]//International Conference on Consumer Electronics(ICCE ’06), Digest of Technical Papers.IEEE Consumer Electronics Society, 2006:99-100.
[6] Zhao Gang, Zheng Dong, Chen Kefei.Design of single sign-on[C]//Proceedings of the E-Commerce Technology for Dynamic E-Business.Washington, DC: IEEE Computer Society, 2004:253-256.
Memo
- Memo:
- Biography: Huang He(1970—), male, doctor, lecturer, huanghe@buaa.edu.cn.