节点文献

网络教学平台安全认证体系的研究

Study of Secure Authentication System for E-Leaning

【作者】 袁先珍

【导师】 张佑林; 钟华;

【作者基本信息】 武汉理工大学 , 机械电子工程, 2003, 硕士

【摘要】 本文论述了网络教学平台面临的安全问题和目前常见的几种重要的安全技术,并针对随着在校园网中提供的网络教学和其它应用服务越来越多,给用户管理和操作带来许多不便这一现状,提出了基于数字化校园的统一电子身份认证系统解决方案。该系统中用户使用校园网中的所有服务只需一套口令和密码,另外,该系统还实现对重要资源的授权访问。方案实现的核心技术是基于LDAP的目录服务技术。 系统采用Cisco公司的安全访问控制器Cisco Secure ACS (Access Control Server) 2.6作为认证服务器,iPlanet Directory Server5.1作为目录服务器,以及实达的基于802.1x的交换机STAR-S1924F作为用户接入设备即认证客户端,实现用户在所有应用的账号与密码等相对固定的信息集中管理和基于角色的访问控制。本文详细讲述了网络教学安全认证体系的技术架构和实现基理以及部分认证服务器的配置参数。 另外,文中叙述了目录服务二次开发的实现过程,采用Netscape Directory JAVA SDK开发包,JSP和JavaBeans技术来开发基于WEB的目录服务客户端,使目录服务中的数据能更方便更安全的被访问和管理。用户管理采用基于角色的分级管理模式。将用户主要分为匿名用户、学生、教师和管理员四种类型,通过对其分别设置访问控制权限来实现安全访问和管理。基于WEB的目录服务客户端实现的具体功能有:分类查询、修改密码、条目的添加、删除、修改、设置组、设置角色和设置访问控制等,前台页面使用了树型结构,直观的反映了目录服务器中数据的拓扑结构。 上述统一电子身份认证系统使用的核心技术是基于LDAP的目录服务来实现,因此使认证和管理变得可靠、便捷,并且在国内外电子商务平台中已得到广泛应用,该技术对教学平台也同样适用。但是基于目录服务开发WEB应用在国内还很少见,而这正是课题最主要的工作,本文对目录服务总结的阶段成果对将来进一步的开发可以起到一定的参考和借鉴作用。

【Abstract】 In this paper, we discuss problems of security for the E-learning system and some main security technology, and put forward universal user ID authentication based on digital school network according to the present situation that inconvenient to user management and operation brings by more and more application server provided .The core technology is directory server based on LDAP. This article tells about the technical support, principle of the E-leaning secure authentication and the parameter in configuration of authentication server.The system adopts Cisco Secure ACS (Access Control Server) 2.6 of Cisco company as the authentication server, iPlanet Directory Servers. 1 as the directory server and STAR-S1924F switch based on 802.1x as the authentication client namely user network access device to implement centralize management of the user account and password and so on in all the application, and the authorization access based on port.In addition, process of developing the client of directory server is discussed in this paper. Netscape Directory JAVA SDK, the technology of JSP and JavaBeans are used to implement the client based on WEB which made data in the directory server is more easier and secure to be managed and accessed. The users are managed based on roles and grades, the types of users are: anonym, student, teacher and administrator, implement secure management by setting access control privilege specially. Tree view is used in the web interface made the directory data looks more understandable. The function that implement are search entry, edit entry, delete entry, set group, set role, set access control and so on.The directory server technology based on LDAP, used in the solving scheme of universal user-ID system which makes the authentication and management more credibility, more convenient. This technology is applied broadly on E-Commerce system in foreign country and nation, and this technology is same to apply on E-Leaning system. In addition, the work of development WEB application based on directory is a little in nation. However, this is the main task of this topic. The stage production discussed in this topic will take some reference to the people who do more development on directory server in the future.

【关键词】 LDAPAAA目录服务安全认证访问控制
【Key words】 LDAPDirectory ServerAAAAuthenticationAccess Control
  • 【分类号】G434
  • 【被引频次】1
  • 【下载频次】183
节点文献中: