CN108616508A - Method and system for reverse authorization in a unified authentication platform based on application system roles - Google Patents


Publication number
CN108616508A
Authority
CN
China
Prior art keywords
role
newly
increased
operation system
mapping
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810270246.9A
Other languages
Chinese (zh)
Inventor
汪宗斌
张庆勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xin'an Century Polytron Technologies Inc
Original Assignee
Beijing Xin'an Century Polytron Technologies Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/562 Brokering proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention proposes a method and system for reverse authorization in a unified authentication platform based on application system roles, comprising: when a business system adds a new application role, sending the newly added application role to the mapping table of an intermediate database; upon receiving the newly added application role from the business system, auto-incrementing the mapping between roles and the business system's fine-grained roles in the mapping table, and sending the updated mapping table to the unified authentication system; the unified authentication system, according to the updated mapping table, auto-adds a role and establishes a mapping between this auto-added role and the newly added application role; the unified authentication system then distributes the established auto-added role authorization, according to the current authorization relationships, to each of the other business systems, completing reverse authorization. The invention spares the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, saves administrator maintenance cost and improves authorization efficiency.

Description

Method and system for reverse authorization in a unified authentication platform based on application system roles
Technical field
The present invention relates to the technical field of business system management, and in particular to a method and system for reverse authorization in a unified authentication platform based on application system roles.
Background art
At present, fine-grained authorization of business systems on the market is always initiated by the unified authentication system, which authorizes the business systems in one direction only.
Existing business workflow: when application elements such as roles or functions under a post in an application system change, the administrator of the unified authentication system adjusts the authorization policy and then synchronizes the latest authorization information to each application system. However, when a business system needs to add a new application role, the authentication system administrator has to assign the role manually, which results in low authorization efficiency and complicated operation.
Summary of the invention
The purpose of the present invention is to solve at least one of the technical defects described above.
To this end, an object of the present invention is to propose a method and system for reverse authorization in a unified authentication platform based on application system roles.
To achieve the above object, an embodiment of the present invention provides a method for reverse authorization in a unified authentication platform based on application system roles, comprising the following steps:
Step S1: when a business system adds a new application role, the newly added application role is sent to the mapping table of an intermediate database;
Step S2: the mapping table of the intermediate database records the mapping between the business system's application roles and posts; when the newly added application role is received from the business system, the mapping between roles and the business system's fine-grained roles is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system;
Step S3: according to the updated mapping table, the unified authentication system auto-adds a role and establishes a mapping between this auto-added role and the application role newly added in step S1;
Step S4: the unified authentication system distributes the established auto-added role authorization, according to the current authorization relationships, to each of the other business systems, so that the new application role is added in each of those business systems, completing reverse authorization.
Further, in step S2, the intermediate database auto-incrementing the mapping between roles and the business system's fine-grained roles in the mapping table comprises: the intermediate database self-builds a role, establishes a mapping containing the newly added application role and the self-built role, and feeds it back to the unified authentication system to realize reverse authorization.
Further, in step S3, the auto-added role of the unified authentication system has the same role content as the newly added application role of the business system.
An embodiment of the present invention also proposes a system for reverse authorization in a unified authentication platform based on application system roles, comprising: a business system, an intermediate database and a unified authentication system, wherein
the business system is configured to, when adding a new application role, send the newly added application role to the intermediate database;
the intermediate database stores a mapping table that records the mapping between the business system's application roles and posts; when the newly added application role is received from the business system, the mapping between roles and the business system's fine-grained roles is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system;
the unified authentication system is configured to, according to the updated mapping table, auto-add a role and establish a mapping between this auto-added role and the business system's newly added application role, and to distribute the established auto-added role authorization, according to the current authorization relationships, to each of the other business systems, so that the new application role is added in each of those business systems, completing reverse authorization.
Further, the intermediate database auto-incrementing the mapping between roles and the business system's fine-grained roles in the mapping table comprises: the intermediate database self-builds a role, establishes a mapping containing the newly added application role and the self-built role, and feeds it back to the unified authentication system to realize reverse authorization.
Further, the auto-added role of the unified authentication system has the same role content as the newly added application role of the business system.
Further, the business system is an OA office system, an E-mail system or a CRM customer relationship management system.
According to the method and system for reverse authorization in a unified authentication platform based on application system roles of the embodiments of the present invention, when application elements such as roles or functions under a business system post change, the mapping between roles and the business system's fine-grained roles is auto-incremented through the mapping relationships of the intermediate authorization relationship database and fed back directly to the unified authentication platform. This spares the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, saves administrator maintenance cost and improves authorization efficiency. By introducing the mapping relationships of the intermediate database, the present invention auto-increments the mapping between roles and the business system's fine-grained roles, which spares the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, thereby saving administrator maintenance cost and improving authorization efficiency.
Additional aspects and advantages of the present invention will be set forth in part in the following description, and in part will become apparent from the following description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of the method for reverse authorization in a unified authentication platform based on application system roles according to an embodiment of the present invention;
Fig. 2 is a structural diagram of the system for reverse authorization in a unified authentication platform based on application system roles according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the system for reverse authorization in a unified authentication platform based on application system roles according to an embodiment of the present invention.
Detailed description
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended to explain the present invention, and are not to be construed as limiting it.
As shown in Fig. 1, the method for reverse authorization in a unified authentication platform based on application system roles of an embodiment of the present invention comprises the following steps:
Step S1: when a business system adds a new application role, the newly added application role is sent to the mapping table of an intermediate database.
Step S2: the mapping table of the intermediate database records the mapping between the business system's application roles and posts; when the newly added application role is received from the business system, the mapping between roles and the business system's fine-grained roles is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system.
In step S2, the intermediate database auto-incrementing the mapping between roles and the business system's fine-grained roles in the mapping table comprises: the intermediate database self-builds a role, establishes a mapping containing the newly added application role and the self-built role, and feeds it back to the unified authentication system to realize reverse authorization.
It should be noted that the mapping containing the newly added application role and the self-built role is established automatically based on the needs of the business system, and its purpose is to instruct the authentication system to carry out reverse authorization.
By introducing the mapping relationships of the intermediate database, the present invention auto-increments the mapping between roles and the business system's fine-grained roles, which spares the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, thereby saving administrator maintenance cost and improving authorization efficiency.
Step S3: according to the updated mapping table, the unified authentication system auto-adds a role and establishes a mapping between this auto-added role and the application role newly added in step S1.
In one embodiment of the present invention, the auto-added role of the unified authentication system has the same role content as the newly added application role of the business system.
Step S4: the unified authentication system distributes the established auto-added role authorization, according to the current authorization relationships, to each of the other business systems, so that the new application role is added in each of those business systems, completing reverse authorization.
In one embodiment of the present invention, the business system is an OA office system, an E-mail system or a CRM customer relationship management system.
As shown in Fig. 2, an embodiment of the present invention also proposes a system for reverse authorization in a unified authentication platform based on application system roles, comprising: a business system 100, an intermediate database 200 and a unified authentication system 300.
The business system 100 is configured to, when adding a new application role, send the newly added application role to the intermediate database 200.
The intermediate database 200 stores a mapping table that records the mapping between the application roles and posts of the business system 100; when the newly added application role is received from the business system 100, the mapping between roles and the fine-grained roles of the business system 100 is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system 300.
Specifically, the intermediate database 200 auto-incrementing the mapping between roles and the fine-grained roles of the business system 100 in the mapping table comprises: the intermediate database 200 self-builds a role, establishes a mapping containing the newly added application role and the self-built role, and feeds it back to the unified authentication system 300 to realize reverse authorization.
It should be noted that the mapping containing the newly added application role and the self-built role is established automatically based on the needs of the business system 100, and its purpose is to instruct the authentication system to carry out reverse authorization.
By introducing the mapping relationships of the intermediate database 200, the present invention auto-increments the mapping between roles and the fine-grained roles of the business system 100, which spares the administrator of the unified authentication system 300 manual operations such as assigning, authorizing and maintaining roles, thereby saving administrator maintenance cost and improving authorization efficiency.
The unified authentication system 300 is configured to, according to the updated mapping table, auto-add a role and establish a mapping between this auto-added role and the newly added application role of the business system 100, and to distribute the established auto-added role authorization, according to the current authorization relationships, to each of the other business systems, so that the new application role is added in each of those business systems, completing reverse authorization.
In one embodiment of the present invention, the auto-added role of the unified authentication system 300 has the same role content as the newly added application role of the business system 100.
In one embodiment of the present invention, the business system 100 and the other business systems may be OA office systems, E-mail systems or CRM customer relationship management systems.
In summary, the present invention achieves the following: when application elements such as roles or functions under a post of a business system 100 change, the mapping between roles and the fine-grained roles of the business system 100 is auto-incremented through the mapping relationships of the intermediate authorization relationship database; the auto-incremented mapping is then fed back directly to the unified authentication platform, which issues the newly added role to every business system with which an authorization relationship has been established, so that each business system adds the role automatically.
The present invention is described below with reference to Fig. 3, taking as an example the addition of a "trainee" role to a human-resources recruitment (HR) system.
1) Post A of the business system 100 (an access application system) adjusts its application roles and adds system role C. For example, the Recruiting Specialist post of the HR system adds a "trainee" role.
2) The newly added application role is sent to the intermediate database 200. In the mapping table in the intermediate database 200 that relates the roles of the unified authentication system 300 to application system roles, role C is added, and a mapping containing the newly added application role and the self-built role is established and sent to the unified authentication system 300, realizing reverse authorization.
The unified authentication system 300 auto-adds role B and establishes a mapping between the newly added role B and system role C. For example, when the HR system adds the "trainee" role, a "trainee" system role is also auto-added among the roles of the unified authentication system 300.
3) The unified authentication system 300 pushes the newly added role to the other business systems according to its current authorization relationships with each access business system, so that each business system can automatically add the new role C. For example, according to the current authorization policy, the unified authentication system 300 pushes the "trainee" role to access business systems 100 such as OA, E-mail and CRM.
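The S1 to S4 flow and the "trainee" walk-through above, modelled in Python as an added example; it is not code from the patent or its applicant. All class, method and field names are hypothetical, and the skipping of already-processed rows and the audit log are assumptions that the patent text does not describe.

```python
"""Toy model of the S1-S4 reverse-authorization flow (added example)."""
from dataclasses import dataclass, field


@dataclass
class BusinessSystem:
    """A business system (HR, OA, ...) that keeps its own application roles."""
    name: str
    roles: set = field(default_factory=set)

    def add_application_role(self, post, role, intermediate_db):
        # S1: a role added locally is reported to the intermediate database.
        self.roles.add(role)
        return intermediate_db.receive_new_role(self.name, post, role)

    def accept_pushed_role(self, role):
        # S4, receiving side: True only if the role was new to this system.
        is_new = role not in self.roles
        self.roles.add(role)
        return is_new


class UnifiedAuthSystem:
    def __init__(self):
        self.authorized = {}     # name -> system with an authorization relationship
        self.role_mappings = {}  # central role -> {(system, application role)}
        self.audit_log = []      # assumption: audit trail, not in the patent

    def establish_authorization(self, system):
        self.authorized[system.name] = system

    def sync_mapping_table(self, mapping_table):
        """S3 and S4. Returns the names of the systems that gained a role."""
        pushed_to = []
        for row in mapping_table:
            central_role = row["self_built_role"]
            link = (row["system"], row["application_role"])
            known = self.role_mappings.setdefault(central_role, set())
            if link in known:
                continue  # assumption: rows handled on an earlier sync are skipped
            # S3: auto-add the central role and map it to the application role.
            known.add(link)
            self.audit_log.append(("auto-added", central_role, row["system"]))
            # S4: distribute only along existing authorization relationships,
            # and never back to the system the role came from.
            for name, target in self.authorized.items():
                if name != row["system"] and target.accept_pushed_role(central_role):
                    pushed_to.append(name)
        return pushed_to


class IntermediateDatabase:
    def __init__(self, auth_system):
        self.auth_system = auth_system
        self.mapping_table = []  # rows: system, post, application role, self-built role

    def receive_new_role(self, system, post, application_role):
        # S2: self-build a role with the same content as the application role,
        # record the mapping, and send the updated table to the auth system.
        row = {"system": system, "post": post,
               "application_role": application_role,
               "self_built_role": application_role}
        if row in self.mapping_table:
            return []  # assumption: a repeated report changes nothing
        self.mapping_table.append(row)
        return self.auth_system.sync_mapping_table(self.mapping_table)


def run_demo():
    """Constructed scenario: HR adds "trainee"; Legacy has no authorization relationship."""
    auth = UnifiedAuthSystem()
    db = IntermediateDatabase(auth)
    hr, oa, mail, crm = (BusinessSystem(n) for n in ("HR", "OA", "E-mail", "CRM"))
    legacy = BusinessSystem("Legacy")
    for system in (hr, oa, mail, crm):
        auth.establish_authorization(system)
    first = hr.add_application_role("Recruiting Specialist", "trainee", db)
    second = hr.add_application_role("Recruiting Specialist", "trainee", db)
    return auth, legacy, first, second


if __name__ == "__main__":
    auth, legacy, first, second = run_demo()
    print("pushed to:", first, "| repeat:", second)
    print("central mappings:", auth.role_mappings)
    print("audit log:", auth.audit_log)
```

The audit log gives the administrator a record of every role that a business system caused to be created centrally, since in this flow no administrator approves the role before it is distributed.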
According to the method and system for reverse authorization in a unified authentication platform based on application system roles of the embodiments of the present invention, when application elements such as roles or functions under a business system post change, the mapping between roles and the business system's fine-grained roles is auto-incremented through the mapping relationships of the intermediate authorization relationship database and fed back directly to the unified authentication platform. This spares the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, saves administrator maintenance cost and improves authorization efficiency. By introducing the mapping relationships of the intermediate database, the present invention auto-increments the mapping between roles and the business system's fine-grained roles, which spares the unified authentication system administrator manual operations such as assigning, authorizing and maintaining roles, thereby saving administrator maintenance cost and improving authorization efficiency.
In the description of this specification, descriptions referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" mean that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those skilled in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.

Claims (7)

1. A method for reverse authorization in a unified authentication platform based on application system roles, characterized by comprising the following steps:
Step S1: when a business system adds a new application role, the newly added application role is sent to the mapping table of an intermediate database;
Step S2: the mapping table of the intermediate database records the mapping between the business system's application roles and posts; when the newly added application role is received from the business system, the mapping between roles and the business system's fine-grained roles is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system;
Step S3: according to the updated mapping table, the unified authentication system auto-adds a role and establishes a mapping between this auto-added role and the application role newly added in step S1;
Step S4: the unified authentication system distributes the established auto-added role authorization, according to the current authorization relationships, to each of the other business systems, so that the new application role is added in each of those business systems, completing reverse authorization.
2. The method for reverse authorization in a unified authentication platform based on application system roles according to claim 1, characterized in that, in step S2, the intermediate database auto-incrementing the mapping between roles and the business system's fine-grained roles in the mapping table comprises: the intermediate database self-builds a role, establishes a mapping containing the newly added application role and the self-built role, and feeds it back to the unified authentication system to realize reverse authorization.
3. The method for reverse authorization in a unified authentication platform based on application system roles according to claim 1, characterized in that, in step S3, the auto-added role of the unified authentication system has the same role content as the newly added application role of the business system.
4. A system for reverse authorization in a unified authentication platform based on application system roles, characterized by comprising: a business system, an intermediate database and a unified authentication system, wherein
the business system is configured to, when adding a new application role, send the newly added application role to the intermediate database;
the intermediate database stores a mapping table that records the mapping between the business system's application roles and posts; when the newly added application role is received from the business system, the mapping between roles and the business system's fine-grained roles is auto-incremented in the mapping table, and the updated mapping table is sent to the unified authentication system;
the unified authentication system is configured to, according to the updated mapping table, auto-add a role and establish a mapping between this auto-added role and the business system's newly added application role, and to distribute the established auto-added role authorization, according to the current authorization relationships, to each of the other business systems, so that the new application role is added in each of those business systems, completing reverse authorization.
5. The system for reverse authorization in a unified authentication platform based on application system roles according to claim 4, characterized in that the intermediate database auto-incrementing the mapping between roles and the business system's fine-grained roles in the mapping table comprises: the intermediate database self-builds a role, establishes a mapping containing the newly added application role and the self-built role, and feeds it back to the unified authentication system to realize reverse authorization.
6. The system for reverse authorization in a unified authentication platform based on application system roles according to claim 4, characterized in that the auto-added role of the unified authentication system has the same role content as the newly added application role of the business system.
7. The system for reverse authorization in a unified authentication platform based on application system roles according to claim 4, characterized in that the business system is an OA office system, an E-mail system or a CRM customer relationship management system.
Priority Applications (1)

Application Number: CN201810270246.9A
Publication: CN108616508A (en)
Priority Date: 2018-03-29
Filing Date: 2018-03-29
Title: Method and system for reverse authorization in a unified authentication platform based on application system roles
Status: Pending

Publications (1)

Publication Number: CN108616508A
Publication Date: 2018-10-02

Family

ID=63659072

Country Status (1)

CN: CN108616508A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20181002