现代企业中出现的越来越多的应用系统往往各自提供一套身份认证方式,这不仅增加了用户的负担,而且降低了系统安全性.企业内部另一重要的问题是管理员如何控制已验证身份的用户的访问请求.基于SAML的单点登录技术和基于XACML的访问控制技术可以很好地解决这两个问题.在对SAML和XACML规范进行了分析的基础上,提出了一个基于SAML和XACML的单点登录模型,分析了该应用模型的安全性,最后在微软.NET平台上予以实现.%Most applications in modern enterprises will provide a set of authentication method of their own, which increase the user's burden and reduce the system security as well. Another serious problem is how to administer access requests of authenticated users. The Single Sign-On (SSO) based on SAML and access control based on XAC-ML can provide a solution for these two problems. Based on the analysis of SAML and XACML specifications, an SSO model based on SAML and XACML is proposed in this paper,and applied on the platform of Microsoft. NET. The model shares user information including ID authentication and access level, which promote interoperability between different security systems and guarantees access control as well. The security of the model is also analyzed.
展开▼
