摘要: 针对目前单点登录应用于Web服务安全时存在的问题,结合WS-Security和SAML规范提出一个Web服务身份认证和授权的单点登录模型,描述该模型的单点登录过程及实现,对其安全性进行了分析并给出了相应的安全策略。该系统模型具有兼容性、容易部署及良好的可扩展性等特点。
关键词:
单点登录,
Web服务,
安全断言标记语言,
Web服务安全性
Abstract: Aiming at current existed problems of single sign-on applied to Web services security, this paper puts forward a single sign-on model for Web services authentication and authorization with the help of WS-Security and SAML, and analyzes the flow and security of this single sign-on system. The system has compatibility and better expansibility it can be deployed easily.
Key words:
single sign-on,
Web services,
Security Assertion Markup Language(SAML),
WS-security
中图分类号:
王 茜;吴黎明. 单点登录在Web服务安全中的应用[J]. 计算机工程, 2008, 34(8): 179-181.
WANG Qian; WU Li-ming. Application of Single Sign-on in Web Services Security[J]. Computer Engineering, 2008, 34(8): 179-181.