To overcome the shortcomings of the Security Assertion Markup Language (SAML), this work defines a session lifetime based on a group of web sites and designs a reverse query on-line user (RQOU) protocol for subjects, a logout of fixed logon (SOFL) protocol for fixed-point logout, and a method for restricting duplicate logins. Together these resolve the cross-domain single sign-on (SSO) problem. A data synchronization strategy is also given, which achieves loose coupling between the source site and each target site, supports system integration in which sites can be split apart or combined, and simplifies the integration of legacy systems. An SSO system built on this architecture has been rolled out at a large state-owned bank in China. Results from that deployment show that it reduced system management costs and the complexity of user operations, improved productivity and security, and met the enterprise's requirements.