摘要
国际上的认证与授权方面的标准主要有安全性断言标记语言(SAML)、可扩展访问控制标记语言(XACML)等,中国下一代互联网示范工程(CNGI)跨机构的统一认证和授权中间件技术项目基于国际规范,提出了结合现有成熟产品DT(DigitalTrust)、身份提供者(IdP)和服务提供者(SP)而建立跨域跨机构统一身份认证、授权和审计(AAA)系统的完整方案。该系统提供一种独立于协议和平台的身份验证和资源访问授权交换机制,对于CNGI环境下跨域跨机构统一认证和授权技术的发展和应用具有很好的示范意义。
By studying and discussing the international and relevant standards and norms, e.g. : Security Assertion Markup Language (SAML), Extensible Access Control Markup Language (XACML), a new scheme about unified authentication and authorization originated by China Next Generation Intemet (CNGI) cross-domain middleware technology program was suggested based on those international standards. It was built up combining with improved DigitalTrust(DT) product, Identity Provider (IdP) and Service Provider (SP). The scheme presents one kind of verification and privilege agreement mechanism independent with protocol and platform, which is a good example for the development and application of unified cross-domain cross-organization authentication and authorization technology under CNGI environment.
出处
《中兴通讯技术》
2007年第5期23-27,共5页
ZTE Technology Journal
基金
国家重点基础研究发展规划项目(973计划)(No.2007CB310704)