PKI/PMI支持多模式应用的单点登录方案

doi:10.13190/jbupt.200903.104.lixb

北京邮电大学学报 ›› 2009, Vol. 32 ›› Issue (3): 104-108.doi: 10.13190/jbupt.200903.104.lixb

PKI/PMI支持多模式应用的单点登录方案

李小标温巧燕代战锋

北京邮电大学网络与交换技术国家重点实验室北京邮电大学北京邮电大学网络与交换国家重点实验室

收稿日期:2008-11-13 修回日期:2009-01-31 出版日期:2009-06-28 发布日期:2009-06-28
通讯作者: 李小标

A Supporting Multi-mode Application Single Sign-On Scheme Based on PKI/PMI

LI Xiao-biao

Received:2008-11-13 Revised:2009-01-31 Online:2009-06-28 Published:2009-06-28
Contact: Xiaobiao Li

摘要/Abstract

摘要：

提出了支持C/S和B/S应用的SSO单点登录方案。认证和授权基于PKI和PMI，服务端以中间件的方式实现认证、鉴权、审计功能，引进了SAML交换认证和鉴权信息；客户端则采用安全Cookie、共享内存与ticket技术实现多模式跨域的SSO解决方案。该方案具有更高的安全性，更为全面的解决多模式的单点登录问题，因而具有广泛的应用前景。

关键词: 单点登录, 多模式应用, 跨域认证

Abstract:

A single sign-on scheme is proposed supporting C/S applications and B/S applications. Authentication and authorization based on the PKI and PMI, the service is implemented by means of middleware to achieve the functions of authentication, authorization and auditing, and SAML to support the exchange of the authentication and authorization information; secure Cookies, shared memory and the technique of tickets are used in the client to achieve the multi-mode and cross-domain SSO solution. The scheme has a higher security, more comprehensive solution to the multi-mode SSO and therefore has a broad prospect.

Key words: single sign-on(SSO), multi-mode application, cross-domain authentication

李小标温巧燕代战锋. PKI/PMI支持多模式应用的单点登录方案[J]. 北京邮电大学学报, 2009, 32(3): 104-108.

LI Xiao-biao. A Supporting Multi-mode Application Single Sign-On Scheme Based on PKI/PMI[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(3): 104-108.

参考文献

[1] 林满山, 郭荷清. 单点登录技术的现状及发展[J]. 计算机应用, 2004, 24(6): 248-250. Lin Manshan, Guo Heqing. The present situation and development of single sign-on technology[J]. Computer Applications, 2004, 24(6): 248-250.
[2] 张颖江, 郑秋华, 李腊元. 单次登录技术分析及集中身份认证平台设计. 武汉理工大学学报(交通科学与工程版), 2004, 28(2): 240-243. Zhang Yingjiang, Zheng Qiuhua, Li Layuan. Analysis of single sign-on technique and design of central authentication platform[J]. Journal of Wuhan University of Technology(Transportation Science & Engineering), 2004, 28(2): 240-243.
[3] 王薇, 张红旗, 张斌, 等. 基于PKI/PMI的多域单点登录研究[J]. 微计算机信息, 2006, 22(21): 150-152. Wang Wei, Zhang Hongqi, Zhang Bin, et al. Research of multiple domain single sign-on based on PKI/PMI[J]. Microcomputer Information, 2006, 22(21): 150-152.
[4] 黄琛, 李忠献, 杨义先, 等. 一种新的兼容多种身份认证方式的Web单点登录方案[J]. 北京邮电大学学报, 2006, 29(5): 130-134. Huang Chen, Li Zhongxian, Yang Yixian, et al. A new web single sign-on scheme supporting the multiple authentication modes[J]. Journal of Beijing University of Posts and Telecommunications, 2006, 29(5): 130-134.
[5] 陈东, 尹建伟. 支持多模式应用的分布式SSO系统设计与实现[J]. 计算机应用研究, 2007, 24(4): 276-278. Chen Dong, Yin Jianwei. Design and realization of distributed SSO system supporting multi-mode application[J]. Application Research of Computers, 2007, 24(4): 276-278.
[6] Liu A X, Huang C T, Gouda M G. A secure cookie protocol//Proceedings of IEEE ICCCN'05. San Diego: IEEE Press, 2005: 333-338.
[7] Park J S, Sandhu R. Secure cookies on the Web[J]. IEEE Internet Computing, 2000, 4(4): 36-44.

PKI/PMI支持多模式应用的单点登录方案

A Supporting Multi-mode Application Single Sign-On Scheme Based on PKI/PMI

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 2

编辑推荐

Metrics

本文评价

[1]	张猛;周永红;孟洛明. 基于角色的IAM系统的研究与实现[J]. 北京邮电大学学报, 2009, 32(s1): 123-128.
[2]	黄琛, 李忠献, 杨义先, 徐国胜. 一种新的兼容多种身份认证方式的Web单点登录方案[J]. 北京邮电大学学报, 2006, 29(5): 130-134.