| CNGI环境中跨域AAA系统的构建 |
| |
| 引用本文: | 黄琛,李忠献.CNGI环境中跨域AAA系统的构建[J].中兴通讯技术,2007,13(5):23-27. |
| |
| 作者姓名: | 黄琛 李忠献 |
| |
| 作者单位: | 北京邮电大学,北京邮电大学 北京,100876,北京,100876 |
| |
| 基金项目: | 国家重点基础研究发展计划(973计划) |
| |
| 摘 要: | 国际上的认证与授权方面的标准主要有安全性断言标记语言(SAML)、可扩展访问控制标记语言(XACML)等,中国下一代互联网示范工程(CNGI)跨机构的统一认证和授权中间件技术项目基于国际规范,提出了结合现有成熟产品DT(DigitalTrust)、身份提供者(IdP)和服务提供者(SP)而建立跨域跨机构统一身份认证、授权和审计(AAA)系统的完整方案。该系统提供一种独立于协议和平台的身份验证和资源访问授权交换机制,对于CNGI环境下跨域跨机构统一认证和授权技术的发展和应用具有很好的示范意义。
|
| 关 键 词: | 跨域认证授权审计 安全断言 单点登录 中国下一代互联网 可扩展的访问控制 |
| 文章编号: | 1009-6868(2007)05-0023-05 |
| 收稿时间: | 2007-07-10 |
| 修稿时间: | 2007年7月10日 |
Constructing Cross-domain AAA System over CNGI |
| |
| HUANG Chen,LI Zhong-xian.Constructing Cross-domain AAA System over CNGI[J].ZTE Communications,2007,13(5):23-27. |
| |
| Authors: | HUANG Chen LI Zhong-xian |
| |
| Institution: | Beijing University of Post and Telecommunications, Beijing 100876, China |
| |
| Abstract: | By studying and discussing the international and relevant standards and norms, e.g.: Security Assertion Markup Language (SAML), Extensible Access Control Markup Language (XACML), a new scheme about unified authentication and authorization originated by China Next Generation Internet (CNGI) cross-domain middleware technology program was suggested based on those international standards. It was built up combining with improved DigitalTrust(DT) product, Identity Provider (IdP) and Service Provider (SP). The scheme presents one kind of verification and privilege agreement mechanism independent with protocol and platform, which is a good example for the development and application of unified cross-domain cross-organization authentication and authorization technology under CNGI environment. |
| |
| Keywords: | cross-domain authentication and authorization security assertion single sign-on CNGI extensible access control |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
