Research and Implementation of a Unified Identity Authentication System Based on SOA Architecture

Design and Implement of Unified Identity Authentication System Base on Service Orient Architecture

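【Author】 徐振亚 (Xu Zhenya)

【Advisors】 饶若楠 (Rao Ruonan); 李志清 (Li Zhiqing)

【Author information】 Shanghai Jiao Tong University, Software Engineering, 2007, Master's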

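【Summary】 The rapid development of computer networks and information technology has steadily raised the level of enterprise informatization. In this process, more and more business systems such as OA, CRM, ERP and OSS have emerged, improving enterprise management and operating efficiency. However, the more network resources there are, the harder network order is to control, which gives rise to various security risks: systems are managed separately, there is no unified security policy, and security strength is uneven. Existing unified authentication systems use directory services to partially solve the unified authentication problem, but because they are based on the traditional C/S model, they fall short in application integration. With the development and increasingly wide use of Web Service technology, its high degree of integration, loose coupling and simple implementation give it an important role in application integration. With the rise of service-oriented architecture (SOA), SOA further improves the maintainability and ease of development of applications and makes it easier to bring business and IT closely together. Building on the development of single sign-on technology, this thesis proposes a loosely coupled unified identity authentication system model based on the SOA framework, which provides seamless access to all authorized network resources. A user enters a username and password only once; after passing identity authentication and obtaining the corresponding permissions, the user can access all authorized services. Users do not have to remember different usernames and passwords for different systems, which improves the efficiency of users and administrators and lowers network operating costs without reducing network security or ease of operation. In the unified identity authentication system, once a user has passed authentication, holding the authentication token is enough to access all authorized services. The secure transmission of the token and the mutual trust between each system and the authentication server therefore undeniably become the main issues affecting the implementation of the system. The main network security problems in the implementation are man-in-the-middle attacks, replay attacks and the like. The implementation uses Web Service as the framework providing the common development standard among SOA components. The system uses XML and SOAP and implements unified identity authentication by passing tickets. The system is also easy to integrate: a new application system need not carry its own user system and can rely on the unified authentication system for user authentication and authorization, which reduces development difficulty. As the unified identity authentication system is gradually improved, it will play an important role in the network information security architecture and make network management simpler and more effective.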

【Abstract】 With the development of network and information technology, the degree of enterprise informatization has increased very fast. In the course of informatization, more and more application systems have emerged, improving management and operating efficiency. But this increases the network resources and makes it difficult to maintain network order. It leads to all kinds of insecurity: system management is distributed, a unified security policy is lacking, and security strength is uneven. Existing unified authentication systems use directory services and partly solve the problem of unified authentication. However, because they are based on the C/S model, they are insufficient in application integration. With the emergence of Service-Oriented Architecture (SOA), applications become easier to maintain and develop, and business and IT can be integrated more closely with each other. On the basis of the development of single sign-on, this thesis proposes a unified identity authentication system based on service-oriented architecture. This system gives access to all authorized network resources. Users are required to input their usernames and passwords once. As a valid user, he can access any application that uses the single sign-on with the same username and password. This system improves the efficiency of users and administrators, reduces the expense of network operations, and makes the whole system more secure and convenient. Once the user gets the authentication token, he can access the web applications using the system. So it is undeniable that the security of the token and the trust between the applications and the authentication server have become the main issues influencing the implementation of the system. There are many network security problems, such as the man-in-the-middle attack and the replay attack. We use Web Service as the development foundation between components. This system uses XML and SOAP technology and implements the identity authentication function by transmitting tickets. In addition, the system can be integrated easily. As the unified identity authentication system is gradually perfected, it will play an important role in the network information security system, and network management will be simpler and more effective.

  • 【Classification number】TP393.08
  • 【Citation count】5
  • 【Download count】341