【作者】 李冰；

【导师】 乔佩利；

【作者基本信息】 哈尔滨理工大学 ， 计算机应用技术， 2005， 硕士

【摘要】 随着互联网的快速发展,诸如电子商务、电子政务、办公自动化等数字化应用正在世界范围内迅速崛起。人们的生产、生活方式正发生着深刻地变革。但伴随着网络应用的迅速发展,网络的安全问题也日益突现出来,严重制约着互联网及其相关网络应用的进一步发展。身份认证在网络安全中发挥着重要的作用。本文的研究重点是建立一个统一身份认证系统,实现对用户的统一管理、统一认证和统一授权。本文在分析了身份认证现状的基础上,提出了一个基于轻量目录访问协议和Web Service的统一认证实现框架,利用目录技术实现了对网络用户和网络应用的统一管理;利用SOAP将认证服务封装为一个Web服务,使应用系统可以方便的实现远程调用,同时,提供了对Web Service实现框架的支持。设计中,提出了单点登录的思想,并且给出了基于改进的Kerberos的单点登录的解决方案。系统的各个层次相对独立,保证了系统的松散耦合,同时,系统易于集成,新的应用系统可以不带自己的用户系统,依靠统一认证系统实现对用户的认证和授权,降低了开发难度。系统采用JAVA编程,说明了各主要模块的实现方法和步骤。随着统一身份认证系统的逐步完善,将在信息安全体系中发挥重要的作用。更多还原

【Abstract】 With the rapid development of internet, a number of the digital applications, such as E-Business, E-Government, OA, are growing up in the global range. The mode of life is also profoundly changing. However, the status of the network security is becoming worse at the same time. Furthermore, the security problems restrict the farther development of the Internet. The identity authentication is very important in the network security.The main research in this paper is to set up the unified authentication system which can complete unified authentication and authority and administer. This paper proposes a realized unified authentication frames on the basis of LDAP and Web service, which utilizes technology of the catalogue to realize the unified management to the network user and network application; and encapsulates authentication serve on a Web service with SOAP. So, many application systems can convenient realization long-distance transfer. Besides, offers to Web service’s support of realizing the frame. In the design, the thought of single singn-on was put forward and soluted based the Kerberos. The system is relatively independent, which guarantees the loose coupling of the system.In additional, the system can be integrated easily. So, new application system need not rely on it’s own authentication system but unified authentication to complete the authentication and authorization of users, and reduces the degree of dificulty of system developing. Java language was used for programming at this paper. This paper indicates the each key fanction implementation method. With the unified identity authentication system being perfected, it will play an important role among the information safe system of campus network.更多还原