CN108616508A - Reverse authorization method and system for a unified authentication platform based on application system roles - Google Patents
- Publication number: CN108616508A
- Application number: CN201810270246.9A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion.)
Classifications
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
- H04L67/562: Brokering proxy services
Abstract
The present invention proposes a reverse authorization method and system for a unified authentication platform based on application system roles, comprising: when a business system adds a new application role, sending the newly added application role to the mapping table of an intermediate database; upon receiving the newly added application role from the business system, auto-incrementing, in the mapping table, the mapping relationship between roles and the business system's fine-grained roles, and sending the updated mapping table to the unified authentication system; the unified authentication system, according to the updated mapping table, automatically adds a role and establishes the mapping relationship between this auto-added role and the newly added application role; the unified authentication system then distributes the established auto-added role to the other business systems according to the current authorization relationships, completing the reverse authorization. The invention spares the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, reduces the administrator's maintenance cost, and improves authorization efficiency.
Description
Technical field
The present invention relates to the technical field of business system management, and in particular to a reverse authorization method and system for a unified authentication platform based on application system roles.
Background art
At present, fine-grained authorization of business systems on the market is always initiated by the unified authentication system, which authorizes the business systems in one direction only.
The existing business workflow is as follows: when factors such as the application roles or functions under a position in an application system change, the administrator of the unified authentication system adjusts the authorization policy, and the latest authorization information is then synchronized to each application system. However, when a business system needs to add a new application role, the authentication system administrator must assign the role manually, which makes authorization inefficient and operation complicated.
Summary of the invention
The purpose of the present invention is to solve at least one of the technical defects described above.
To this end, an object of the present invention is to propose a reverse authorization method and system for a unified authentication platform based on application system roles.
To achieve the above object, an embodiment of the present invention provides a reverse authorization method for a unified authentication platform based on application system roles, comprising the following steps:
Step S1: when a business system adds a new application role, the newly added application role is sent to the mapping table of an intermediate database;
Step S2: the mapping table of the intermediate database records the mapping relationships between the business system's application roles and positions; when the newly added application role is received from the business system, the mapping relationship between roles and the business system's fine-grained roles is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system;
Step S3: according to the updated mapping table, the unified authentication system automatically adds a role and establishes the mapping relationship between this auto-added role and the application role newly added in step S1;
Step S4: the unified authentication system distributes the established auto-added role to the other business systems according to the current authorization relationships, so that the application role is newly added in each of those business systems, completing the reverse authorization.
Further, in step S2, the auto-increment of the mapping relationship between roles and the business system's fine-grained roles that the intermediate database performs in the mapping table comprises: the intermediate database creates a role by itself, establishes a mapping relationship containing the newly added application role and this self-created role, and feeds it back to the unified authentication system to realize reverse authorization.
Further, in step S3, the auto-added role of the unified authentication system has the same role content as the newly added application role of the business system.
An embodiment of the present invention also proposes a reverse authorization system for a unified authentication platform based on application system roles, comprising: a business system, an intermediate database and a unified authentication system, wherein
the business system is configured to send a newly added application role to the intermediate database when it adds the application role;
the intermediate database stores a mapping table that records the mapping relationships between the business system's application roles and positions; when the newly added application role is received from the business system, the mapping relationship between roles and the business system's fine-grained roles is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system;
the unified authentication system is configured to automatically add a role according to the updated mapping table, establish the mapping relationship between this auto-added role and the business system's newly added application role, and distribute the established auto-added role to the other business systems according to the current authorization relationships, so that the application role is newly added in each of those business systems, completing the reverse authorization.
Further, the auto-increment of the mapping relationship between roles and the business system's fine-grained roles that the intermediate database performs in the mapping table comprises: the intermediate database creates a role by itself, establishes a mapping relationship containing the newly added application role and this self-created role, and feeds it back to the unified authentication system to realize reverse authorization.
Further, the auto-added role of the unified authentication system has the same role content as the newly added application role of the business system.
Further, the business system is an OA office system, an E-mail system or a CRM customer relationship management system.
According to the reverse authorization method and system for a unified authentication platform based on application system roles of the embodiments of the present invention, when factors such as the application roles or functions under a position in a business system change, the mapping relationships of the intermediate authorization-relationship database are used to auto-increment the mapping relationship between roles and the business system's fine-grained roles, and the result is fed back directly to the unified authentication platform. This spares the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, reduces the administrator's maintenance cost, and improves authorization efficiency. By introducing the mapping relationships of the intermediate database, the present invention achieves the auto-increment of the mapping relationship between roles and the business system's fine-grained roles, sparing the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, and thereby reducing the administrator's maintenance cost and improving authorization efficiency.
Additional aspects and advantages of the present invention will be set forth in part in the description that follows, and in part will become apparent from that description or be learned through practice of the invention.
Description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of the reverse authorization method for a unified authentication platform based on application system roles according to an embodiment of the present invention;
Fig. 2 is a structural diagram of the reverse authorization system for a unified authentication platform based on application system roles according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the reverse authorization system for a unified authentication platform based on application system roles according to an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, intended to explain the present invention, and are not to be construed as limiting it.
As shown in Fig. 1, the reverse authorization method for a unified authentication platform based on application system roles according to an embodiment of the present invention comprises the following steps:
Step S1: when a business system adds a new application role, the newly added application role is sent to the mapping table of an intermediate database.
Step S2: the mapping table of the intermediate database records the mapping relationships between the business system's application roles and positions; when the newly added application role is received from the business system, the mapping relationship between roles and the business system's fine-grained roles is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system.
In step S2, the auto-increment of the mapping relationship between roles and the business system's fine-grained roles that the intermediate database performs in the mapping table comprises: the intermediate database creates a role by itself, establishes a mapping relationship containing the newly added application role and this self-created role, and feeds it back to the unified authentication system to realize reverse authorization.
It should be noted that the mapping relationship containing the newly added application role and the self-created role is established automatically based on the needs of the business system, and its function is to instruct the authentication system to carry out the reverse authorization.
By introducing the mapping relationships of the intermediate database, the present invention achieves the auto-increment of the mapping relationship between roles and the business system's fine-grained roles, sparing the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, and thereby reducing the administrator's maintenance cost and improving authorization efficiency.
Step S3: according to the updated mapping table, the unified authentication system automatically adds a role and establishes the mapping relationship between this auto-added role and the application role newly added in step S1.
In one embodiment of the present invention, the auto-added role of the unified authentication system has the same role content as the newly added application role of the business system.
Step S4: the unified authentication system distributes the established auto-added role to the other business systems according to the current authorization relationships, so that the application role is newly added in each of those business systems, completing the reverse authorization.
In one embodiment of the present invention, the business system is an OA office system, an E-mail system or a CRM customer relationship management system.
As shown in Fig. 2, an embodiment of the present invention also proposes a reverse authorization system for a unified authentication platform based on application system roles, comprising: a business system 100, an intermediate database 200 and a unified authentication system 300.
The business system 100 is configured to send a newly added application role to the intermediate database 200 when it adds the application role.
The intermediate database 200 stores a mapping table that records the mapping relationships between the application roles and positions of the business system 100; when the newly added application role is received from the business system 100, the mapping relationship between roles and the fine-grained roles of the business system 100 is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system 300.
Specifically, the auto-increment of the mapping relationship between roles and the fine-grained roles of the business system 100 that the intermediate database 200 performs in the mapping table comprises: the intermediate database 200 creates a role by itself, establishes a mapping relationship containing the newly added application role and this self-created role, and feeds it back to the unified authentication system 300 to realize reverse authorization.
It should be noted that the mapping relationship containing the newly added application role and the self-created role is established automatically based on the needs of the business system 100, and its function is to instruct the authentication system to carry out the reverse authorization.
By introducing the mapping relationships of the intermediate database 200, the present invention achieves the auto-increment of the mapping relationship between roles and the fine-grained roles of the business system 100, sparing the administrator of the unified authentication system 300 manual operations such as assigning, authorizing and maintaining roles, and thereby reducing the administrator's maintenance cost and improving authorization efficiency.
The unified authentication system 300 is configured to automatically add a role according to the updated mapping table, establish the mapping relationship between this auto-added role and the newly added application role of the business system 100, and distribute the established auto-added role to the other business systems according to the current authorization relationships, so that the application role is newly added in each of those business systems, completing the reverse authorization.
In one embodiment of the present invention, the auto-added role of the unified authentication system 300 has the same role content as the newly added application role of the business system 100.
In one embodiment of the present invention, the business system 100 and the other business systems may be an OA office system, an E-mail system or a CRM customer relationship management system.
In summary, the present invention achieves the following: when factors such as the application roles or functions under a position in a business system 100 change, the mapping relationships of the intermediate authorization-relationship database are used to auto-increment the mapping relationship between roles and the fine-grained roles of the business system 100; the auto-incremented mapping relationship is then fed back directly to the unified authentication platform, which issues the newly added role to every business system with which an authorization relationship has been established, so that each business system adds the role automatically.
The present invention is described below with reference to Fig. 3, taking the addition of a "trainee" role to the human-resources recruitment (HR) system as an example.
1) Position A of the business system 100 (a connected application system) adjusts its application roles and adds system role C. For example, in the HR system, under the Recruiting Specialist position, a "trainee" role is newly added.
2) The newly added application role is sent to the intermediate database 200. In the intermediate database 200, role C is added to the mapping table that relates the roles of the unified authentication system 300 to application system roles, and a mapping relationship containing the newly added application role and the self-created role is established and sent to the unified authentication system 300, realizing reverse authorization.
The unified authentication system 300 auto-adds role B and establishes the mapping relationship between the newly added role B and system role C. For example, when the HR system adds the "trainee" role, a "trainee" system role is also auto-added among the roles of the unified authentication system 300.
3) The unified authentication system 300 pushes the newly added role to the other business systems according to its current authorization relationships with each connected business system, so that each business system automatically adds role C. For example, according to the current authorization policy, the unified authentication system 300 pushes the "trainee" role to connected business systems 100 such as OA, E-mail and CRM.
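The Fig. 3 walk-through above, as an added Python sketch that is not part of the patent: it runs steps S1 to S4 for the "trainee" role and shows that only business systems holding an authorization relationship receive it. All class, method and field names, the mapping-row layout and the unauthorized "Finance" system are assumptions made for illustration.

```python
from dataclasses import dataclass, astuple


@dataclass(frozen=True)
class MappingRow:
    """One row of the intermediate database's mapping table (layout assumed)."""
    system: str         # business system that owns the application role
    position: str       # position the application role was added under
    app_role: str       # fine-grained application role in the business system
    platform_role: str  # self-created role for the unified authentication side


class IntermediateDatabase:
    def __init__(self):
        self.mapping_table = []

    def receive_new_role(self, system, position, app_role):
        # S2: self-create a role with the same content as the application role
        # and auto-increment the mapping table; repeated submissions add nothing.
        row = MappingRow(system, position, app_role, platform_role=app_role)
        if row not in self.mapping_table:
            self.mapping_table.append(row)
        return list(self.mapping_table)  # updated table sent to the platform


class BusinessSystem:
    def __init__(self, name):
        self.name = name
        self.roles = set()

    def add_application_role(self, position, role, intermediate_db):
        # S1: add the role locally and send it to the intermediate database.
        self.roles.add(role)
        return intermediate_db.receive_new_role(self.name, position, role)


class UnifiedAuthSystem:
    def __init__(self):
        self.roles = set()
        self.role_map = {}    # platform role -> {(system, application role)}
        self.authorized = {}  # systems with a current authorization relationship

    def authorize(self, system):
        self.authorized[system.name] = system

    def sync_roles(self, table):
        # S3: auto-add each unseen role and record its mapping to the app role.
        new_roles = []
        for row in table:
            links = self.role_map.setdefault(row.platform_role, set())
            if (row.system, row.app_role) not in links:
                links.add((row.system, row.app_role))
                self.roles.add(row.platform_role)
                new_roles.append((row.platform_role, row.system))
        return new_roles

    def distribute(self, new_roles):
        # S4: push each new role to every authorized system except its origin.
        pushed = {}
        for role, origin in new_roles:
            targets = [s for n, s in self.authorized.items() if n != origin]
            for target in targets:
                target.roles.add(role)
            pushed[role] = sorted(t.name for t in targets)
        return pushed


def run_trainee_example():
    db, platform = IntermediateDatabase(), UnifiedAuthSystem()
    hr, oa, mail, crm = (BusinessSystem(n) for n in ("HR", "OA", "E-mail", "CRM"))
    finance = BusinessSystem("Finance")  # constructed: no authorization relationship
    for system in (hr, oa, mail, crm):
        platform.authorize(system)

    table = hr.add_application_role("Recruiting Specialist", "trainee", db)
    pushed = platform.distribute(platform.sync_roles(table))
    replay = platform.distribute(platform.sync_roles(table))  # same table again
    return {
        "table": [astuple(row) for row in table],
        "platform_roles": set(platform.roles),
        "pushed": pushed,
        "replay": replay,
        "oa_roles": set(oa.roles),
        "finance_roles": set(finance.roles),
    }


if __name__ == "__main__":
    for key, value in run_trainee_example().items():
        print(key, "=", value)
```

Because S3 only acts on mappings it has not yet recorded, re-sending the same mapping table distributes nothing a second time.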
According to the reverse authorization method and system for a unified authentication platform based on application system roles of the embodiments of the present invention, when factors such as the application roles or functions under a position in a business system change, the mapping relationships of the intermediate authorization-relationship database are used to auto-increment the mapping relationship between roles and the business system's fine-grained roles, and the result is fed back directly to the unified authentication platform. This spares the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, reduces the administrator's maintenance cost, and improves authorization efficiency. By introducing the mapping relationships of the intermediate database, the present invention achieves the auto-increment of the mapping relationship between roles and the business system's fine-grained roles, sparing the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, and thereby reducing the administrator's maintenance cost and improving authorization efficiency.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.
Claims (7)
1. A reverse authorization method for a unified authentication platform based on application system roles, characterized by comprising the following steps:
Step S1: when a business system adds a new application role, the newly added application role is sent to the mapping table of an intermediate database;
Step S2: the mapping table of the intermediate database records the mapping relationships between the business system's application roles and positions; when the newly added application role is received from the business system, the mapping relationship between roles and the business system's fine-grained roles is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system;
Step S3: according to the updated mapping table, the unified authentication system automatically adds a role and establishes the mapping relationship between this auto-added role and the application role newly added in step S1;
Step S4: the unified authentication system distributes the established auto-added role to the other business systems according to the current authorization relationships, so that the application role is newly added in each of those business systems, completing the reverse authorization.
2. The reverse authorization method for a unified authentication platform based on application system roles according to claim 1, characterized in that, in step S2, the auto-increment of the mapping relationship between roles and the business system's fine-grained roles that the intermediate database performs in the mapping table comprises: the intermediate database creates a role by itself, establishes a mapping relationship containing the newly added application role and this self-created role, and feeds it back to the unified authentication system to realize reverse authorization.
3. The reverse authorization method for a unified authentication platform based on application system roles according to claim 1, characterized in that, in step S3, the auto-added role of the unified authentication system has the same role content as the newly added application role of the business system.
4. A reverse authorization system for a unified authentication platform based on application system roles, characterized by comprising: a business system, an intermediate database and a unified authentication system, wherein
the business system is configured to send a newly added application role to the intermediate database when it adds the application role;
the intermediate database stores a mapping table that records the mapping relationships between the business system's application roles and positions; when the newly added application role is received from the business system, the mapping relationship between roles and the business system's fine-grained roles is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system;
the unified authentication system is configured to automatically add a role according to the updated mapping table, establish the mapping relationship between this auto-added role and the business system's newly added application role, and distribute the established auto-added role to the other business systems according to the current authorization relationships, so that the application role is newly added in each of those business systems, completing the reverse authorization.
5. The reverse authorization system for a unified authentication platform based on application system roles according to claim 4, characterized in that the auto-increment of the mapping relationship between roles and the business system's fine-grained roles that the intermediate database performs in the mapping table comprises: the intermediate database creates a role by itself, establishes a mapping relationship containing the newly added application role and this self-created role, and feeds it back to the unified authentication system to realize reverse authorization.
6. The reverse authorization system for a unified authentication platform based on application system roles according to claim 4, characterized in that the auto-added role of the unified authentication system has the same role content as the newly added application role of the business system.
7. The reverse authorization system for a unified authentication platform based on application system roles according to claim 4, characterized in that the business system is an OA office system, an E-mail system or a CRM customer relationship management system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810270246.9A (CN108616508A) | 2018-03-29 | 2018-03-29 | Reverse authorization method and system for a unified authentication platform based on application system roles |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108616508A | 2018-10-02 |
Family ID: 63659072
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20181002 |