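Research and Implementation of a User Management and Authentication System Based on a Telecom Integrated Statistical Analysis Platform

【Author】 Li Shuangjiang (李双江)

【Supervisor】 Ge Wei (葛玮)

【Author information】 Northwest University (西北大学), Computer Application Technology, 2008, Master's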

【Abstract】 As networks grow in scale and the volume of networked information increases, large organizations come to run many application systems. Because these systems were developed at different times and against different backgrounds, their platforms and technical architectures differ as well. As a result, each application system manages its own set of user resources, which can be used only within that system and cannot be shared with other application systems. In addition, users must authenticate repeatedly for different authorized services, which is tedious and poses certain security risks. There is therefore an urgent need for a unified user management and authorization system that is complete, secure, easy to manage, portable and extensible. After extensive study of current user identity management technologies, we find that using a directory service to manage user resources solves part of the problems encountered when using a relational database; the most prominent advantage of a directory service is its platform independence. This dissertation first analyses in detail the two key theories of role-based access control (RBAC) and the Lightweight Directory Access Protocol (LDAP). Then, drawing on the user management module of the integrated statistical analysis platform of a telecom enterprise, which the author helped design during an internship, it designs and implements a user management model that combines LDAP and RBAC. LDAP directory service technology is used to implement unified user authentication, which resolves the data redundancy that arises when a traditional database manages this information, makes user information management efficient, and scales well with changes in the enterprise. RBAC is used for user authorization, which reduces the complexity of authorization management and flexibly supports the enterprise's security policy.

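【Key words】 role-based access control; RBAC; Lightweight Directory Access Protocol; LDAP; JAAS
  • 【Online publication contributor】 Northwest University
  • 【Online publication year/issue】 2008, issue 08
  • 【Classification number】 TN915; TP311.52
  • 【Times cited】 1
  • 【Downloads】 92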