CN101552784A - Combined identity certification method of Web service chain - Google Patents

Info

Publication number
CN101552784A
Authority
CN
China
Prior art keywords
enterprise
role
service
identity
strategy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA200910098217XA
Other languages
Chinese (zh)
Inventor
吴健
曾文秋
吴朝晖
李莹
邓水光
尹建伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
INSIGMA GROUP CO., LTD.
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU filed Critical Zhejiang University ZJU
Priority to CNA200910098217XA priority Critical patent/CN101552784A/en
Publication of CN101552784A publication Critical patent/CN101552784A/en
Pending legal-status Critical Current

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method for cross-domain federated identity authentication over a Web service chain, comprising the following steps: (1) role ontology management: role domain experts define the role ontology; (2) semantic annotation: each enterprise annotates its own roles using the public role ontology, producing a role file that other enterprises can understand; (3) access policy management: each enterprise formulates its service access policy according to its degree of trust in other enterprises and establishes a policy domain for security-domain access control; (4) SAMLToken assertion generation: the assertion is obtained using a public key and a symmetric key; (5) proxy-based federated identity authentication: a proxy server acts as the policy decision center, obtains the requester's role information from the SAMLToken assertion, obtains the policy list, and makes the permission decision. The advantage of the invention is that identity authentication information can be transmitted securely between a plurality of servers.

Description

A federated identity authentication method for Web service chains
Technical field
The invention relates to the field of Web service security, and in particular to a federated identity authentication method for cross-domain Web service chains.
Background
In recent years, with the rapid development of Web services, Web applications have grown from local to global, from B2C (business-to-customer) to B2B (business-to-business), and from centralized to distributed. Web services offer good encapsulation, loose coupling, standardized usage conventions, standard protocol specifications, a high capacity for integration, reusability, and independence from language and platform. Because of these advantages, most enterprises have adopted Web services to package their business functions. However, the services a single enterprise can provide are limited and cannot adapt to an open, dynamic Web environment. To satisfy broader demand, an enterprise must add its own business logic on top of services provided by other enterprises in order to offer more powerful functionality. Yet at present, for the sake of security, each enterprise restricts the use of its Web services to within the enterprise. When an enterprise user accesses a Web service provided inside the enterprise, the user must first be authenticated by the enterprise, for example by entering a user name and password. The problem with this scheme is that if the service a user wants to access is built by wrapping services of other enterprises, the user must first register with those enterprises and obtain a set of credentials from each. When actually accessing the service, the user must also repeatedly enter authentication information. This gives rise to the federated identity authentication problem for service chains.
Federated identity authentication is a trend in the field of identity authentication and a result of distributed networking; it mainly concerns establishing trust relationships between enterprises in a distributed environment. Existing federated identity management standards mainly include SAML (Security Assertion Markup Language), ID-FF (Identity Federation Framework, the Liberty identity federation framework), ID-WSF (Liberty Services Framework, the identity Web services framework) and WS-Federation (Web Services Federation Language).
SAML is the first industry standard supporting XML e-commerce. It combines S2ML and AuthXML and provides a common language for sharing security services in B2B and B2C transactions between enterprises. The SAML standard consists of four parts: assertions, request/response protocols, bindings and profiles. There are three main kinds of assertion: 1. authentication assertion: states that a subject was authenticated at a particular time by a particular mechanism; 2. attribute assertion: provides a mechanism for associating particular attributes with a given subject; 3. authorization decision assertion: governs a given subject's permission to access a resource. The request/response protocol specifies the kinds and formats of messages exchanged between two parties sharing SAML data (assertions). A binding describes exactly how SAML requests map onto transport protocols, such as SOAP message exchange over HTTP. A profile describes how assertions are embedded in, extracted from and integrated with the underlying protocol messages.
Existing SAML-based federated identity authentication methods all target a single enterprise service and do not consider the needs of a service chain (a service of one enterprise calls a service of another enterprise, so the services on the chain are cross-domain). That is, the requester obtains a credential from the enterprise it belongs to and uses it to access another enterprise's service, but these methods do not explain how to pass the credential securely to the next service in the chain. The credential contains the requester's basic personal information, the issuer of the credential (the requester's enterprise) and the requester's role information. During transmission, existing methods can neither guarantee that the role information in the credential is not modified by the requester or by an enterprise in the chain to widen the requester's access rights, nor guarantee that the credential is not replaced by one generated by an enterprise other than the requester's own. Existing methods also do not solve the problem of role understanding in federated identity authentication over a cross-domain service chain: each enterprise defines roles differently, so an outside enterprise cannot exert fine-grained control over the access rights of requesters from outside its own domain.
Summary of the invention
The technical problem to be solved by the invention is to spare the user repeated authentication when calling a service chain, providing single sign-on authentication and authorization across heterogeneous network services; that is, a federated identity authentication method for Web service chains in which authentication information can be passed securely among multiple services.
The technical solution adopted by the invention to solve the above problem consists of the following steps:
(1) Role ontology management: role domain experts define the role ontology so that each enterprise can understand the others' role information;
(2) Semantic annotation: each enterprise annotates its own roles using the public role ontology, producing a role file that the enterprises can mutually understand;
(3) Access policy management: each enterprise formulates its service access policy according to its degree of trust in other enterprises, and establishes a policy domain for security-domain access control;
(4) SAMLToken assertion generation: the assertion is obtained using a public key and a symmetric key, ensuring that both the user's request for the assertion and its delivery are secure;
(5) Proxy-based federated identity authentication: a proxy server acts as the policy decision center. It obtains the requester's role information from the SAMLToken assertion, obtains the policy list, and makes the permission decision on whether the requester may access the corresponding service;
Steps (1) to (3) are preparatory steps that usually need to be done only once. Each subsequent federated identity authentication of a Web service chain only requires steps (4) and (5); steps (1) to (3) are repeated only when the annotations or service access policies need to be modified.
In step (1), OWL is used as the role ontology description language, and Protege is used as the tool for manually creating the role ontology.
In step (2), each enterprise's administrator performs semantic annotation according to the established role ontology, producing a WSROLE file.
In step (3), the service access policy partitions and manages the authorization policies for the enterprise's services. Permissions are defined through the associations among users, roles and services, yielding a reasonable and complete access control policy and a policy domain for security-domain access control.
In step (4), the requester first obtains the SAML assertion securely from its own enterprise using public-key and private-key techniques, and XML signature is then used to guarantee the non-repudiation and integrity of the assertion.
In step (5), the federated identity authentication of a service chain is as follows. Given a service requester identity $R\_Identity = \{e, R\}$ and a service chain $SC = \{S_1, S_2, \ldots, S_i, \ldots, S_n\}$, the chain is authenticated only if every $S_i$ is authenticated; otherwise authentication fails. That is, authentication succeeds when

$$\forall S_i \in SC:\ \big(e \in E_i \ (\text{suppose } e = e_j)\big) \wedge \big(R \cap e_j \neq \Phi\big)$$

is TRUE, and fails otherwise. The formulas used in this process are described as follows:
(A) Service chain description model: a service chain SC is an n-tuple
$SC = \{S_1, S_2, \ldots, S_i, \ldots, S_n\}$, $S_i = \{s, E_i\}$, $E_i = \{e_1, \ldots, e_j, \ldots, e_m\}$, $e_j = \{r_1, \ldots, r_k, \ldots, r_l\}$, where:
a. $S_i$ denotes a service of some enterprise;
b. $s$ denotes a specific service of enterprise $n_i$, and $E_i$ denotes the set of other enterprises allowed to access service $s$ of enterprise $n_i$;
c. $e_j$ denotes that enterprise $e_j$ may access service $s$ of enterprise $n_i$;
d. $r_k$ denotes that role $r_k$ under enterprise $e_j$ may access service $s$ of enterprise $n_i$; all roles here correspond to the role domain ontology;
(B) Service requester identity description model: a requester Request is a 2-tuple
$R\_Identity = \{e, R\}$, $R = \{r_1, \ldots, r_i\}$, where:
a. the $R\_Identity$ model is abstracted from the SAMLToken assertion so that service chain authentication can be expressed formally;
b. $e$ denotes the enterprise the requester belongs to, and $R$ denotes the requester's role set within that enterprise;
c. $r_i$ denotes a role in the enterprise; the roles here correspond to the role domain ontology;
(C) Service authentication operation: given a service requester identity $R\_Identity = \{e, R\}$ and a service $S_i = \{s, E_i\}$, authentication succeeds if $e \in E_i$ (suppose $e = e_j$) and $R \cap e_j \neq \Phi$; otherwise it fails.
Compared with the prior art, the invention has the following beneficial effects: (1) it uses Web service security standards (such as WS-Security), the SAML standard, digital signature technology, a semantic ontology and a proxy approach to build a federated identity authentication model for cross-domain service chains, giving users cross-domain authentication and authorization, i.e. authentication information can be transmitted securely and verified along a service call chain; (2) the semantic ontology and semantic annotation solve the role understanding problem between enterprises, so that each enterprise's roles are meaningful to other enterprises; (3) the proxy mechanism uses role-based resource authorization, and each enterprise exposes all of its resource access through its own proxy, which helps the enterprise manage resource access.
Description of drawings
Fig. 1 is a structural diagram of the invention.
Fig. 2 is an overall flow chart of the invention.
Fig. 3 is a flow chart of federated identity authentication over a service chain.
Fig. 4 shows the procedure for obtaining the symmetric key generated by the service requester.
Fig. 5 is the WSROLE XML Schema of the invention.
Fig. 6 is the WSSTRATEGY XML Schema of the invention.
Embodiment
Referring to Fig. 1, the service chain in this embodiment contains two services: the service E2-WS provided by enterprise E2 calls the service E3-WS of enterprise E3, and user A in enterprise E1 requests the service E2-WS provided by enterprise E2.
Referring to Fig. 2, the concrete steps of this embodiment are:
(1) Role ontology management
Role domain experts define the role ontology so that each enterprise can understand the others' role information. If the ontology description does not match reality, the enterprises and the role domain experts negotiate and then update the ontology. The whole process is carried out through joint negotiation among the major enterprises and the role domain experts. OWL is used as the role ontology description language, and Protege as the tool for manually creating the role ontology. OWL (Web Ontology Language) is the ontology description language standard recommended by the W3C for the Semantic Web.
(2) Semantic annotation
Each enterprise annotates its own roles using the public role ontology, producing a role file that the enterprises can mutually understand. Each enterprise's administrator performs semantic annotation according to the established role ontology, producing a WSROLE file. The WSROLE XML Schema is shown in Fig. 5. An example annotation follows:
<roles enterpriseId="enterprise1">
  <role name="role_name1" modelReference="ontoloty_role1"/>
  <role name="role_name2" modelReference="ontoloty_role1"/>
</roles>
enterprise1 is the unique identifier of an enterprise; role_name1 and role_name2 are user roles within the enterprise; ontoloty_role1 and ontoloty_role2 are role ontology entries in the role domain ontology library.
(3) Access policy management: each enterprise formulates its service access policy according to its degree of trust in other enterprises. The service access policy partitions and manages the authorization policies for the enterprise's services. Permissions are defined through the associations among users, roles and services, yielding a reasonable and complete access control policy and a policy domain for security-domain access control. This information is configured mainly through the WSSTRATEGY file (the WSSTRATEGY XML Schema is shown in Fig. 6), with role information annotated using the role ontology library. For example:
<strategies>
  <enterprise name="enterprise_name1">
    <role name="ontoloty_role1">service1,service2</role>
    <role name="ontoloty_role2">service1,service2,...</role>
  </enterprise>
  <enterprise name="enterprise_name2">
    <role name="ontoloty_role2">service1,service2,...</role>
    <role name="ontoloty_role3">service1,service2,...</role>
  </enterprise>
</strategies>
enterprise_name1, enterprise_name2 and enterprise_name3 are unique identifiers of enterprises; service1 and service2 are unique identifiers of this enterprise's services; ontoloty_role1 and ontoloty_role2 are role ontology entries, and the role information used to generate the policy is likewise taken from the role domain ontology library. For example, the ontoloty_role1 role in enterprise enterprise_name1 can access this enterprise's services service1 and service2.
(4) SAMLToken assertion generation: using a public key and a symmetric key, the requester obtains the SAML assertion from its own enterprise, with both the request for the assertion and its delivery secured. Specifically:
a. Service requester A immediately generates a symmetric key SK and uses SK to sign the usernameToken;
b. A obtains the public key of enterprise E1 through the public key infrastructure, uses it to encrypt SK and the usernameToken to obtain the message M-Encryption, and finally sends M-Encryption to enterprise E1.
c. The enterprise receives M-Encryption, decrypts it with its own private key to obtain M, and uses the decrypted symmetric key SK and usernameToken to verify the signature (a data integrity check).
d. Enterprise E1 uses the usernameToken to verify the requester. If the requester is legitimate, it generates a SAMLToken assertion from the requester's information. The SAMLToken assertion contains the validity period, the issuer's (enterprise E1's) signature over the assertion, the method used to authenticate the requester, the time at which authentication took place, the requester's identifier, the relationship between the authenticated requester and the sender of the message (meaning the message carrying the SAML assertion), the requester's role information, and so on. Key and sensitive information (such as the roles) is signed with the enterprise's own private key, so that another enterprise receiving the assertion can use this enterprise's public key to verify its integrity and detect modification by others. The roles described in the assertion are tied to the ontology. Enterprise E1 encrypts the assertion with the symmetric key SK to obtain the ciphertext M1-Encryption and sends it to requester A.
The following is a generated assertion:
<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    ID="b07b804c-7c29-ea16-7300-4f3d6f7928ac"
    Version="2.0" IssueInstant="2004-12-05T09:22:05Z">
  <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
  <ds:Signature>...</ds:Signature>
  <saml:Subject>...</saml:Subject>
  <saml:Conditions>...</saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute
        Name="requestRole">
      <saml:AttributeValue
          xsi:type="xs:string">ontoloty_role1,...</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="other">
      <saml:AttributeValue
          xsi:type="xs:string">other</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
The Conditions element describes the validity period of the assertion. The Subject element describes the authenticated subject and is used to ensure that the sender of the assertion is the subject described in it. The AttributeStatement element defines basic information needed for the service request, such as roles. The Signature element signs the sensitive information in the assertion, in particular the role information, to guarantee that the assertion has not been modified; it also establishes the identity of the assertion's issuer.
(5) Proxy-based federated identity authentication: a proxy server acts as the policy decision center. It obtains the requester's role information from the SAMLToken assertion, obtains the policy list, and makes the permission decision on whether the requester may access the corresponding service. See Fig. 3 for the flow chart:
a. The requester receives the ciphertext M1-Encryption and decrypts it with SK to obtain M1, which is the SAMLToken assertion. The WS-Security protocol is also used to secure the SOAP message. WS-Security mainly extends the header of the SOAP message by adding the wsse:Security element, which defines three child elements for the three security aspects of authentication, integrity and confidentiality: Security Token, XML Signature and the XML Encryption ReferenceList. The business content in the SOAP envelope that needs encryption (usually the whole SOAP body) is replaced by the element produced by XML Encryption (EncryptedData). To better support federated identity authentication over the service chain, the encryption key in XML Encryption is changed to a symmetric key SK1 generated by the requester, and the Security Token is replaced by M1; these are sent along with the SOAP message to call the service of enterprise E2.
b. The proxy server of enterprise E2 receives the ciphertext, obtains the symmetric key SK1 used for decryption (the procedure for obtaining the symmetric key is shown in Fig. 4), decrypts the ciphertext and obtains the service requester's role information. Enterprise E2 obtains enterprise E1's public key through the public key infrastructure and uses it to verify the integrity of the assertion, which prevents the assertion from being modified by the user or an enterprise, and to confirm that enterprise E1 is the issuer of the assertion, which prevents the assertion from being replaced.
c. The proxy server obtains enterprise E2's service access policy and decides from the authorization policy whether the service requester may call the service. If the requester is not entitled to call the service, the request ends. Otherwise the service is called; within the service, a SOAP message is generated from the assertion information and the request information, encrypted with SK1, and sent as the service request to enterprise E3.
d. The proxy server of enterprise E3 receives the ciphertext, obtains the symmetric key SK1 used for decryption (the procedure for obtaining the symmetric key is shown in Fig. 4), decrypts the ciphertext and obtains the service requester's role information. Enterprise E3 obtains enterprise E1's public key through the public key infrastructure and uses it to verify the integrity of the assertion, which prevents the assertion from being modified by the user or an enterprise, and to confirm that enterprise E1 is the issuer of the assertion, which prevents the assertion from being replaced.
e. The proxy server obtains enterprise E3's service access policy and decides from the authorization policy whether the service requester may call the service. If the requester is not entitled to call the service, the request ends and requester A is notified. Otherwise the service is called and the result is returned to enterprise E2's service.
The procedure for obtaining the symmetric key generated by the service requester, shown in Fig. 4, is as follows:
1. The service requester requests the public key of enterprise 1 from the certificate authority (CA).
2. The CA encrypts enterprise 1's public key with its own private key and sends it to the service requester.
3. The service requester decrypts with the CA's public key to obtain enterprise 1's public key.
4. The service requester encrypts the symmetric key it generated with the public key obtained, and sends it to enterprise 1.
5. Enterprise 1 decrypts the received ciphertext with its own private key and obtains the symmetric key.
Steps (1) to (3) above are preparatory steps that must be carried out. Once they are done, each subsequent federated identity authentication of a Web service chain only requires steps (4) and (5); steps (1) to (3) need to be carried out again only when the annotations or service access policies need to be modified.
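An added example, not part of the patent text: the service authentication operation (C) and the chain rule of step (5), evaluated against WSSTRATEGY-style policies in the order the proxy servers of E2 and E3 decide in steps c and e. The role and service names and the sample XML are constructed, and the assertion is assumed to have already passed the signature and issuer check of steps b and d.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: assertion issued by E1 for requester A. The signature is
# omitted; this example assumes it was already verified with E1's public key.
ASSERTION_A = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="constructed-sample" Version="2.0">
  <saml:Issuer>E1</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="requestRole">
      <saml:AttributeValue>ontology_buyer, ontology_auditor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed WSSTRATEGY policies held by the proxy servers of E2 and E3.
STRATEGY_E2 = """<strategies>
  <enterprise name="E1">
    <role name="ontology_buyer">E2-WS</role>
    <role name="ontology_admin">E2-WS,E2-Admin</role>
  </enterprise>
</strategies>"""

STRATEGY_E3 = """<strategies>
  <enterprise name="E1">
    <role name="ontology_buyer">E3-WS</role>
  </enterprise>
  <enterprise name="E2">
    <role name="ontology_admin">E3-WS</role>
  </enterprise>
</strategies>"""


def requester_identity(assertion_xml):
    """Abstract R_Identity = (e, R) from a signature-verified assertion."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=SAML_NS).strip()
    roles = set()
    for attr in root.iterfind(".//saml:Attribute[@Name='requestRole']", SAML_NS):
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            roles.update(r.strip() for r in (value.text or "").split(",") if r.strip())
    return issuer, frozenset(roles)


def allowed_roles(strategy_xml, service):
    """Build E_i for one service: {enterprise e_j: roles of e_j allowed to call it}."""
    e_i = {}
    for ent in ET.fromstring(strategy_xml).iterfind("enterprise"):
        roles = {
            role.get("name")
            for role in ent.iterfind("role")
            if service in [s.strip() for s in (role.text or "").split(",")]
        }
        if roles:
            e_i[ent.get("name")] = roles
    return e_i


def authenticate_service(identity, e_i):
    """Operation (C): succeed iff e is in E_i and R intersects e_j."""
    e, roles = identity
    return e in e_i and bool(roles & e_i[e])


def authenticate_chain(identity, chain):
    """chain is a list of (service, strategy_xml) in call order.

    Returns (ok, first_denied_service). Evaluation stops at the first refusal,
    as in step c where the request ends. An empty chain is refused; that is a
    fail-closed choice of this example, not something the patent states.
    """
    if not chain:
        return False, None
    for service, strategy_xml in chain:
        if not authenticate_service(identity, allowed_roles(strategy_xml, service)):
            return False, service
    return True, None


if __name__ == "__main__":
    chain = [("E2-WS", STRATEGY_E2), ("E3-WS", STRATEGY_E3)]
    print(authenticate_chain(requester_identity(ASSERTION_A), chain))
```

Roles are matched per issuing enterprise, so a role name that E3 accepts from E2 grants nothing to a requester from E1 carrying the same name.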

Claims (6)

1. A federated identity authentication method for Web service chains, characterized in that the concrete steps are:
(1) Role ontology management: role domain experts define the role ontology so that each enterprise can understand the others' role information;
(2) Semantic annotation: each enterprise annotates its own roles using the public role ontology, producing a role file that the enterprises can mutually understand;
(3) Access policy management: each enterprise formulates its service access policy according to its degree of trust in other enterprises, and establishes a policy domain for security-domain access control;
(4) SAMLToken assertion generation: the assertion is obtained using a public key and a symmetric key, ensuring that both the user's request for the assertion and its delivery are secure;
(5) Proxy-based federated identity authentication: a proxy server acts as the policy decision center. It obtains the requester's role information from the SAMLToken assertion, obtains the policy list, and makes the permission decision on whether the requester may access the corresponding service;
wherein steps (1) to (3) are preparatory steps that must be carried out. Once they are done, each subsequent federated identity authentication of a Web service chain only requires steps (4) and (5); steps (1) to (3) need to be carried out again only when the annotations or service access policies need to be modified.
2. The federated identity authentication method for Web service chains according to claim 1, characterized in that: in step (1), OWL is used as the role ontology description language, and Protege is used as the tool for manually creating the role ontology.
3. The federated identity authentication method for Web service chains according to claim 1, characterized in that: in step (2), each enterprise's administrator performs semantic annotation according to the established role ontology, producing a WSROLE file.
4. The federated identity authentication method for Web service chains according to claim 1, characterized in that: in step (3), the service access policy partitions and manages the authorization policies for the enterprise's services; permissions are defined through the associations among users, roles and services, yielding a reasonable and complete access control policy and a policy domain for security-domain access control.
5. The federated identity authentication method for Web service chains according to claim 1, characterized in that: in step (4), the requester first obtains the SAML assertion securely from its own enterprise using public-key and private-key techniques, and XML signature is then used to guarantee the non-repudiation and integrity of the assertion.
6. The federated identity authentication method for Web service chains according to claim 1, characterized in that: in step (5), the federated identity authentication of a service chain is as follows. Given a service requester identity $R\_Identity = \{e, R\}$ and a service chain $SC = \{S_1, S_2, \ldots, S_i, \ldots, S_n\}$, the chain is authenticated only if every $S_i$ is authenticated; otherwise authentication fails. That is, authentication succeeds when

$$\forall S_i \in SC:\ \big(e \in E_i \ (\text{suppose } e = e_j)\big) \wedge \big(R \cap e_j \neq \Phi\big)$$

is TRUE, and fails otherwise. The formulas used in this process are described as follows:
(A) Service chain description model: a service chain SC is an n-tuple
$SC = \{S_1, S_2, \ldots, S_i, \ldots, S_n\}$, $S_i = \{s, E_i\}$, $E_i = \{e_1, \ldots, e_j, \ldots, e_m\}$, $e_j = \{r_1, \ldots, r_k, \ldots, r_l\}$, where:
a. $S_i$ denotes a service of some enterprise;
b. $s$ denotes a specific service of enterprise $n_i$, and $E_i$ denotes the set of other enterprises allowed to access service $s$ of enterprise $n_i$;
c. $e_j$ denotes that enterprise $e_j$ may access service $s$ of enterprise $n_i$;
d. $r_k$ denotes that role $r_k$ under enterprise $e_j$ may access service $s$ of enterprise $n_i$; all roles here correspond to the role domain ontology;
(B) Service requester identity description model: a requester Request is a 2-tuple
$R\_Identity = \{e, R\}$, $R = \{r_1, \ldots, r_i\}$, where:
a. the $R\_Identity$ model is abstracted from the SAMLToken assertion so that service chain authentication can be expressed formally;
b. $e$ denotes the enterprise the requester belongs to, and $R$ denotes the requester's role set within that enterprise;
c. $r_i$ denotes a role in the enterprise; the roles here correspond to the role domain ontology;
(C) Service authentication operation: given a service requester identity $R\_Identity = \{e, R\}$ and a service $S_i = \{s, E_i\}$, authentication succeeds if $e \in E_i$ (suppose $e = e_j$) and $R \cap e_j \neq \Phi$; otherwise it fails.
CNA200910098217XA 2009-04-30 2009-04-30 Combined identity certification method of Web service chain Pending CN101552784A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA200910098217XA CN101552784A (en) 2009-04-30 2009-04-30 Combined identity certification method of Web service chain

Publications (1)

Publication Number Publication Date
CN101552784A true CN101552784A (en) 2009-10-07

Family

ID=41156775

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA200910098217XA Pending CN101552784A (en) 2009-04-30 2009-04-30 Combined identity certification method of Web service chain

Country Status (1)

Country Link
CN (1) CN101552784A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20100108

Address after: 38, Da Da Lu, Xihu District, Zhejiang, Hangzhou Province, China: 310027

Applicant after: Zhejiang University

Co-applicant after: INSIGMA GROUP CO., LTD.

Address before: 38, Da Da Lu, Xihu District, Zhejiang, Hangzhou Province, China: 310027

Applicant before: Zhejiang University

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20091007