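Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2006, Vol. 29 ›› Issue (5): 130-134. doi: 10.13190/jbupt.200605.130.huangch

• Research Report •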

A New Web Single Sign-On Scheme Supporting the Multiple Authentication Modes

HUANG Chen, LI Zhong-xian, YANG Yi-xian, XU Guo-sheng

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing, 100876, China
  • Received: 2005-09-01 Revised: 1900-01-01 Online: 2006-10-30 Published: 2006-10-30
  • Contact: HUANG Chen

Abstract:

Existing Web single sign-on (SSO) schemes are built on centralized storage of user information and a single authentication mode, so they cannot meet the authentication requirements of business processes in dynamic, loosely coupled environments. To solve these problems, ticket technology, agent mechanisms and digital signatures are studied, and a new SSO scheme is presented. It uses cookies as the transmission carrier and a ticket-agent technique to support SSO across multiple authentication modes, and it establishes an authentication trust chain, based on certificate-chain trust relationships, to support cross-domain SSO. The results show that the new scheme overcomes the shortcomings of existing schemes while providing stronger security, and that it has a wide range of application.

Key words: single sign-on, multiple authentication modes, cross-domain authentication, authentication trust chain

CLC number: