Research on the cross domain identity authentication in federated environment

摘要

Federated environment consists of multiple domains, traditional cross domain authentication model has many defects like weak cross domain ability, overload of authentication server, cookie hidden danger and non-cross domain limitation. The paper analyzes the security risks of the current authentication model, then we propose a cross domain federal identity authentication model, which adopts the multi-agent authentication mechanism based on unified public key encryption and token active mass mechanism. The multi-agent authentication mechanism based on unified public key encryption can effectively prevent the forgery of Cookie and token, it can also improve the efficiency of cross domain access; the token mass mechanism can convert the authentication model from the passive request pattern to the active response pattern, which can shorten the transmission time. Finally, we carry out the security analysis and verification on the base of instances for the new cross domain authentication model, the results show that the improved authentication model has a higher cross domain ability and processing efficiency, meanwhile it can ensure the security of the information transmission.