CN106375323A - Kerberos identity authentication method in multi-tenant mode - Google Patents

Kerberos identity authentication method in multi-tenant mode Download PDF

Info

Publication number
CN106375323A
CN106375323A CN201610812123.4A CN201610812123A CN106375323A CN 106375323 A CN106375323 A CN 106375323A CN 201610812123 A CN201610812123 A CN 201610812123A CN 106375323 A CN106375323 A CN 106375323A
Authority
CN
China
Prior art keywords
cluster
tenant
service
hbase
certification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610812123.4A
Other languages
Chinese (zh)
Inventor
宋丽丽
周庆勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Software Co Ltd
Original Assignee
Inspur Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Software Co Ltd filed Critical Inspur Software Co Ltd
Priority to CN201610812123.4A priority Critical patent/CN106375323A/en
Publication of CN106375323A publication Critical patent/CN106375323A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a method for kerberos identity authentication in a multi-tenant mode, which belongs to the field of big data security, wherein before a user executes a task, the user authenticates himself through an authentication server to obtain TGT; a user requests a Service Ticket of the access Service to a Ticket authorization server through the TGT, and the KDC generates a session key and then sends the session key to the client; the client authenticates itself to the service through the service ticket to complete the identity authentication. And the user realizes the safe data operation between the server side hadoop big data cluster components hdfs, hive, hbase, spark and other components through the bill.

Description

Kerberos identity authentication method under a kind of multi-tenant pattern
Technical field
The present invention relates to big data security fields, the side of kerberos authentication under more particularly, to a kind of multi-tenant pattern Method.
Background technology
With the popularization developing rapidly with computer utility of cloud computing technology, mass data is had moved high in the clouds.Especially It is intellectuality, the universalness of terminal unit, the more information of people also gradually stores beyond the clouds.Mass data storage and calculating Safety problem is also following, how to ensure the safety of data.There are not safety certification, all sections in acquiescence cluster in hadoop Point is all reliable, trusty.User does not need when storing data into hdfs or executing task by mapreduce engine Safety verification.Cloud massive data major part is stored in the hdfs of hadoop cluster, and data calculates is drawn by mapreduce Hold up, spark engine etc.;Will necessarily exist and disguise oneself as real user or server intrudes into hadoop cluster, distort hdfs number According to or malice submit to operation, change jobtracker state, disguise oneself as tasktracker, namenode receive an assignment.High in the clouds Hadoop cluster safety guarantee, become emphasis of concern.Kerberos be for computer network identity differentiate, be by A set of tripartite's safety authentication protocol that mit designs and develops, and written into rfc standard, design object is to be by cipher key system Client/server applications provide powerful authentication service, are characterized in that user only needs to input authentication letter Breath just can establish shared key so that this association by the bill multiple services of access between each client and service View has higher safety.Kerberos can solve the problems, such as hadoop safety certification, including user to server, server Enterprise-level to the certification of server is increased income solution.The present invention is extended based on kerberos, solves facing cloud and puts down Under platform, multi-tenant uses data in the Verify Your Identity questions of hadoop big data cluster and the storage of hadoop big data, calculating field Integrity, confidentiality.Because kerberos certification has a lot of drawbacks, so the one kind under proposing facing cloud platform is based on The enterprise level solution of kerberos agreement multi-tenant authentication.
Content of the invention
In order to solve above technical problem, the present invention proposes a kind of side of kerberos authentication under multi-tenant pattern Method.User is realized and the server end hadoop large data sets group assembly such as part hdfs, hive, hbase, spark by bill Between secure data operation.The present invention can support that in cloud platform, hadoop cluster type is to exclusively enjoy and shared model, and supports Tenant has secure access to the mechanism of platform in both modes by kerberos authentication.
How user's bill that tenant's generation has unique time stamps accesses shared cluster, and tenant passes through big data assembly Bill is realized interacting with the server end hadoop large data sets group assembly such as part hdfs, hive, hbase, spark.Real The isolation of existing tenant data and sharing functionality, provide unified task resource scheduling and isolation mech isolation test between tenant.
Described big data assembly bill be respectively hdfs.headless.keytab, hive.service.keytab, Hbase.service.keytab, spark.headless.keytab etc..
Described task resource scheduling and isolation mech isolation test, Floor layer Technology is by hadoop yarn resource isolation technology Lai real Existing;Front end provides Portable Batch System web interface as the unified entrance of Portable Batch System.
Before user's execution task, first pass through certificate server (as) certification oneself, obtain tgt (ticket granting ticket);User passes through tgt (ticket granting ticket) to ticket authorisation server (ticket granting Server the service ticket of access service, kdc) is asked to issue client in the lump after generating session key;Visitor Service ticket is passed through to service authentication oneself in family end, completes authentication.
Concretely comprise the following steps:
(1), the key of kerberos certification is put on reliable node in advance in clustered deploy(ment);When cluster runs, in cluster Node obtain certification using key;Only certified node of crossing could normally use;
(2), after tenant's application big data cluster, server end is that each tenant generates in units of cluster and has timestamp In unique mark keytab file, wherein hadoop cluster, each assembly can have corresponding keytab file;
(3) use under cloud platform it is possible to hold keytab file after, tenant obtains the keytab file of each assembly of cluster Big data service;Before wherein to hdfs, hive, hbase, spark operation, need kinit order certification;Wherein right Before hdfs, hive, hbase, spark operation, need kinit order certification.
(4), big data assembly is operated;
(5), pass through step (3), (4) and can achieve hdfs, hbase, hive, spark assembly in operation cloud platform cluster, simultaneously There is provided Data Share System between mathematical logic isolation and tenant to shared cluster for different tenants.
Kerberos can solve the problems, such as hadoop safety certification in big data.There is provided certification to client trusty, and The function of downloading kerberos related credentials is provided the user on web interface, the user's ticket with unique time stamps can be obtained According to trust voucher, reduce client bill be acquired or attempt obtain client identity probability reduce;Tenant passes through user Bill enters neatly develops third-party application under line, it is several greatly with cloud platform hadoop cluster that tenant relies on user's bill to be realized Access according to safety storage, task resource rational management, flexible data etc..
The invention has the beneficial effects as follows
The present invention can be shared or exclusively enjoy type cluster according to tenant's business demand application, and supports each tenant in cloud platform Multiple big data service clusters can be applied for.For each cluster of tenant, platform can be carried for tenant based on kerberos agreement Access the certification billing information of cluster for the keytab file of corresponding big data assembly, krb5.conf etc..
The present invention can solve enterprise and exclusively enjoy sharing problem with public data, root for sensitive data in hadoop cluster According to group type to the different authentication information of tenant's distribution, and tenant is provided to download large data sets group on web page Part corresponding keytab file, facilitates user by keytab file cache to local, is locally developed the related big number of debugging According to business procedure, facilitate exploitation third party application under tenant's line.Emphasis of the present invention is inquired into and is realized how under multi-tenant environment Using shared cluster, and still can ensure that each tenant data resource isolation.
Brief description
Fig. 1 is kerberos verification process schematic diagram.
Specific embodiment
Below present disclosure is carried out with more detailed elaboration:
Implementation procedure is as follows:
Table 1 is the technical term used in kerberos verification process:
Table 1
(1), the key of kerberos certification is put on reliable node in advance in clustered deploy(ment).When cluster runs, in cluster Node obtain certification using key.Only certified node of crossing could normally use.Attempt the node pretended to be due to there is no thing The key information first obtaining is it is impossible to communicate with the node of cluster internal.
(2), after tenant's application big data cluster, server end generates in units of cluster for each tenant and has the time The unique mark keytab file of stamp, wherein in hadoop cluster, each assembly can have corresponding keytab file.For example (hbase_1465694161526.keytab).
(3) cloud is used to put down it is possible to hold keytab file after, tenant obtains the keytab file of each assembly of cluster Big data service under platform.Before wherein to hdfs, hive, hbase, spark operation, need kinit order certification.As follows:
1),kinit -k -t /etc/security/keytabs/hdfs.headless.keytab hdfs- clustername@idap.com
2),kinit -k -t /etc/security/keytabs/hive.service.keytab hive/ hiveserver2hostname@idap.com
3),kinit -k -t /etc/security/keytabs/hbase.service.keytab hbase/ hbasemasterserverhostname@idap.com
4),kinit -k -t /etc/security/keytabs/spark.headless.keytab spark- clustername@idap.com
Wherein, idap.com is domain name;Clustername is cluster name;Hiveserver2hostname is hive The corresponding hostname of server place machine;Hbasemasterserverhostname is hbase master server The corresponding hostname of place machine.
(4), big data assembly is operated, need to obtain hbse to before hbase operation taking hbase as a example Connection, below for the main code of acquisition hbase connection after cluster installation kerberos assembly:
configuration conf = hbaseconfiguration.create();
//hadoop cluster security authentication mechanism adopts kerberos certification
conf.set("hadoop.security.authentication", "kerberos");
Whether //hadoop certification opens security authorization mechanism
conf.set("hadoop.security.authorization", "true");
//hbase cluster safety authentication mechanism adopts kerberos certification
conf.set("hbase.security.authentication", "kerberos");
Whether //hbase opens security authorization mechanism
conf.set("hbase.security.authorization", "true");
The kerberos certification of //master principal name (be made up of three parts: service or user's name, instance name and Domain name)
conf.set("hbase.master.kerberos.principal","hbase/_host@idap.com");
The principal name of the kerberos certification of //regionserver (is made up of three parts: service or user's name, Instance Name Claim and domain name)
conf.set("hbase.regionserver.kerberos.principal","hbase/_host@idap.com");
The url configuration of //zookeeper cluster, multiple host middle comma () segmentation
conf.set("hbase.zookeeper.quorum","idap-agent-server.idap.com,idap-agent- 216.idap.com,idap-server-210.idap.com");
Configuration in the zoo.conf of //zookeeper.The port that client connects
conf.set("hbase.zookeeper.property.clientport", "2181");
The root znode of the hbase in //zookeeper
conf.set("zookeeper.znode.parent", "/hbase-secure");
if ("kerberos".equals(conf.get("hbase.security.authentication"))) {
// obtain kerberos Profile Path (krb is kerberos configuration file)
string krbstr = thread.currentthread().getcontextclassloader()
.getresource("krb5.conf").getfile();
// initial configuration file
system.setproperty("java.security.krb5.conf", krbstr);
// obtain user's bill (the keytab filename of oneself application need to be replaced with)
string keystr = thread.currentthread().getcontextclassloader()
.getresource("hbase.service.keytab").getfile();
// it is authenticated (the kerberos billing information of oneself application need to be replaced with) using bill and voucher
usergroupinformation.setconfiguration(conf);
usergroupinformation.loginuserfromkeytab(
"hbase/idap-server-210.idap.com@idap.com", keystr);
connect = connectionfactory.createconnection(conf);
}
(5), pass through step (3), (4) and can achieve hdfs, hbase, hive, spark associated component in operation cloud platform cluster, There is provided Data Share System between mathematical logic isolation and tenant to shared cluster for different tenants it is ensured that different tenant data simultaneously Isolation, safety, motility etc..To tenant task scheduling can adopt hadoop yarn mechanism, simultaneously support internal memory with The scheduling of cpu two spike-type cultivars and isolation;The task that tenant submits to, can adopt quartz framework, enter according to time order and function order The timer-triggered scheduler of row task, maximized utilization cluster resource.

Claims (3)

1. under a kind of multi-tenant pattern kerberos identity authentication method it is characterised in that
Before user's execution task, first pass through certificate server certification oneself, obtain tgt;User passes through tgt to ticket authorisation service The service ticket of access service asked by device, and kdc issues client after generating session key in the lump;Client By service ticket to service authentication oneself, complete authentication.
2. method according to claim 1 it is characterised in that
Concretely comprise the following steps:
(1), the key of kerberos certification is put on reliable node in advance in clustered deploy(ment);When cluster runs, in cluster Node obtain certification using key;Only certified node of crossing could normally use;
(2), after tenant's application big data cluster, server end is that each tenant generates in units of cluster and has timestamp In unique mark keytab file, wherein hadoop cluster, each assembly can have corresponding keytab file;
(3) use under cloud platform it is possible to hold keytab file after, tenant obtains the keytab file of each assembly of cluster Big data service;Before wherein to hdfs, hive, hbase, spark operation, need kinit order certification;
(4), big data assembly is operated;
(5), pass through step (3), (4) and can achieve hdfs, hbase, hive, spark assembly in operation cloud platform cluster, simultaneously There is provided Data Share System between mathematical logic isolation and tenant to shared cluster for different tenants.
3. method according to claim 2 it is characterised in that
In step 3), before wherein hdfs, hive, hbase, spark being operated, need kinit order certification.
CN201610812123.4A 2016-09-09 2016-09-09 Kerberos identity authentication method in multi-tenant mode Pending CN106375323A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610812123.4A CN106375323A (en) 2016-09-09 2016-09-09 Kerberos identity authentication method in multi-tenant mode

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610812123.4A CN106375323A (en) 2016-09-09 2016-09-09 Kerberos identity authentication method in multi-tenant mode

Publications (1)

Publication Number Publication Date
CN106375323A true CN106375323A (en) 2017-02-01

Family

ID=57899444

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610812123.4A Pending CN106375323A (en) 2016-09-09 2016-09-09 Kerberos identity authentication method in multi-tenant mode

Country Status (1)

Country Link
CN (1) CN106375323A (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106656514A (en) * 2017-03-02 2017-05-10 北京搜狐新媒体信息技术有限公司 kerberos authentication cluster access method, SparkStandalone cluster, and driving node of SparkStandalone cluster
CN107066867A (en) * 2017-03-11 2017-08-18 郑州云海信息技术有限公司 A kind of big data cluster resource allocation methods and device
CN107147649A (en) * 2017-05-11 2017-09-08 成都四象联创科技有限公司 Data-optimized dispatching method based on cloud storage
CN107483491A (en) * 2017-09-19 2017-12-15 山东大学 The access control method of distributed storage under a kind of cloud environment
CN108959952A (en) * 2017-05-23 2018-12-07 中国移动通信集团重庆有限公司 data platform authority control method, device and equipment
CN108964900A (en) * 2018-06-28 2018-12-07 如般量子科技有限公司 A kind of modified Kerberos identity authorization system and method based on group key pond
CN108964897A (en) * 2018-06-28 2018-12-07 如般量子科技有限公司 Identity authorization system and method based on group communication
CN108964895A (en) * 2018-06-28 2018-12-07 如般量子科技有限公司 User-to-User identity authorization system and method based on group key pond and improvement Kerberos
CN109067705A (en) * 2018-06-28 2018-12-21 如般量子科技有限公司 Modified Kerberos identity authorization system and method based on group communication
CN109213584A (en) * 2018-07-27 2019-01-15 阿里巴巴集团控股有限公司 Task executing method, device, electronic equipment and computer readable storage medium
CN109617734A (en) * 2018-12-25 2019-04-12 北京市天元网络技术股份有限公司 Network operation capability analysis method and device
CN109802927A (en) * 2017-11-17 2019-05-24 航天信息股份有限公司 A kind of security service providing method and device
CN111597536A (en) * 2020-05-19 2020-08-28 重庆第二师范学院 Hadoop cluster kerberos high-availability authentication method
CN112311830A (en) * 2019-07-31 2021-02-02 华为技术有限公司 Cloud storage-based Hadoop cluster multi-tenant authentication system and method
CN112540830A (en) * 2020-12-21 2021-03-23 广州华资软件技术有限公司 Method for simultaneously supporting multiple Kerberos authentication in single JVM process
CN113377454A (en) * 2021-06-23 2021-09-10 浪潮云信息技术股份公司 Method for realizing Flink dynamic connection Kerberos authentication component
CN114745130A (en) * 2022-04-02 2022-07-12 杭州玳数科技有限公司 Authentication method and device for multiple KDC data sources
CN115913793A (en) * 2023-03-09 2023-04-04 浪潮电子信息产业股份有限公司 Security authentication method, system, electronic device, distributed storage system, and medium
CN116016624A (en) * 2022-12-26 2023-04-25 浪潮云信息技术股份公司 Method, device and equipment for calling Kerberos bill information

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296235A (en) * 2008-06-13 2008-10-29 华为技术有限公司 Computer network authentication method, system and server
CN102025748A (en) * 2011-01-04 2011-04-20 深信服网络科技(深圳)有限公司 Method, device and system for acquiring user name of Kerberos authentication mode
CN104363095A (en) * 2014-11-12 2015-02-18 浪潮(北京)电子信息产业有限公司 Method for establishing hadoop identity authentication mechanism
CN104754047A (en) * 2015-03-26 2015-07-01 浪潮集团有限公司 Cross-platform unified management method for cluster storage system users
CN105740408A (en) * 2016-01-28 2016-07-06 东软集团股份有限公司 Hadoop cluster calling method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296235A (en) * 2008-06-13 2008-10-29 华为技术有限公司 Computer network authentication method, system and server
CN102025748A (en) * 2011-01-04 2011-04-20 深信服网络科技(深圳)有限公司 Method, device and system for acquiring user name of Kerberos authentication mode
CN104363095A (en) * 2014-11-12 2015-02-18 浪潮(北京)电子信息产业有限公司 Method for establishing hadoop identity authentication mechanism
CN104754047A (en) * 2015-03-26 2015-07-01 浪潮集团有限公司 Cross-platform unified management method for cluster storage system users
CN105740408A (en) * 2016-01-28 2016-07-06 东软集团股份有限公司 Hadoop cluster calling method and device

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106656514A (en) * 2017-03-02 2017-05-10 北京搜狐新媒体信息技术有限公司 kerberos authentication cluster access method, SparkStandalone cluster, and driving node of SparkStandalone cluster
CN106656514B (en) * 2017-03-02 2019-05-31 北京搜狐新媒体信息技术有限公司 Kerberos authenticates cluster access method, SparkStandalone cluster and its driving node
CN107066867A (en) * 2017-03-11 2017-08-18 郑州云海信息技术有限公司 A kind of big data cluster resource allocation methods and device
CN107147649A (en) * 2017-05-11 2017-09-08 成都四象联创科技有限公司 Data-optimized dispatching method based on cloud storage
CN108959952A (en) * 2017-05-23 2018-12-07 中国移动通信集团重庆有限公司 data platform authority control method, device and equipment
CN108959952B (en) * 2017-05-23 2020-10-30 中国移动通信集团重庆有限公司 Data platform authority control method, device and equipment
CN107483491A (en) * 2017-09-19 2017-12-15 山东大学 The access control method of distributed storage under a kind of cloud environment
CN109802927A (en) * 2017-11-17 2019-05-24 航天信息股份有限公司 A kind of security service providing method and device
CN109802927B (en) * 2017-11-17 2021-06-11 航天信息股份有限公司 Security service providing method and device
CN108964895A (en) * 2018-06-28 2018-12-07 如般量子科技有限公司 User-to-User identity authorization system and method based on group key pond and improvement Kerberos
CN108964900A (en) * 2018-06-28 2018-12-07 如般量子科技有限公司 A kind of modified Kerberos identity authorization system and method based on group key pond
CN109067705A (en) * 2018-06-28 2018-12-21 如般量子科技有限公司 Modified Kerberos identity authorization system and method based on group communication
CN108964897A (en) * 2018-06-28 2018-12-07 如般量子科技有限公司 Identity authorization system and method based on group communication
CN109067705B (en) * 2018-06-28 2020-12-01 如般量子科技有限公司 Improved Kerberos identity authentication system and method based on group communication
CN108964900B (en) * 2018-06-28 2021-03-02 如般量子科技有限公司 Improved Kerberos identity authentication system and method based on group key pool
CN109213584A (en) * 2018-07-27 2019-01-15 阿里巴巴集团控股有限公司 Task executing method, device, electronic equipment and computer readable storage medium
CN109617734A (en) * 2018-12-25 2019-04-12 北京市天元网络技术股份有限公司 Network operation capability analysis method and device
CN109617734B (en) * 2018-12-25 2021-12-07 北京市天元网络技术股份有限公司 Network operation capability analysis method and device
CN112311830B (en) * 2019-07-31 2022-03-01 华为云计算技术有限公司 Cloud storage-based Hadoop cluster multi-tenant authentication system and method
CN112311830A (en) * 2019-07-31 2021-02-02 华为技术有限公司 Cloud storage-based Hadoop cluster multi-tenant authentication system and method
CN111597536A (en) * 2020-05-19 2020-08-28 重庆第二师范学院 Hadoop cluster kerberos high-availability authentication method
CN111597536B (en) * 2020-05-19 2023-05-05 重庆第二师范学院 Hadoop cluster kerberos high availability authentication method
CN112540830A (en) * 2020-12-21 2021-03-23 广州华资软件技术有限公司 Method for simultaneously supporting multiple Kerberos authentication in single JVM process
CN113377454A (en) * 2021-06-23 2021-09-10 浪潮云信息技术股份公司 Method for realizing Flink dynamic connection Kerberos authentication component
CN114745130A (en) * 2022-04-02 2022-07-12 杭州玳数科技有限公司 Authentication method and device for multiple KDC data sources
CN114745130B (en) * 2022-04-02 2023-12-08 杭州玳数科技有限公司 Authentication method and device for multi-KDC data source
CN116016624A (en) * 2022-12-26 2023-04-25 浪潮云信息技术股份公司 Method, device and equipment for calling Kerberos bill information
CN115913793A (en) * 2023-03-09 2023-04-04 浪潮电子信息产业股份有限公司 Security authentication method, system, electronic device, distributed storage system, and medium

Similar Documents

Publication Publication Date Title
CN106375323A (en) Kerberos identity authentication method in multi-tenant mode
CN105577665B (en) Identity and access control management system and method under a kind of cloud environment
CN107483491A (en) The access control method of distributed storage under a kind of cloud environment
US20230370265A1 (en) Method, Apparatus and Device for Constructing Token for Cloud Platform Resource Access Control
CN110597832A (en) Government affair information processing method and device based on block chain network, electronic equipment and storage medium
WO2018213519A1 (en) Secure electronic transaction authentication
TWI678909B (en) Safety authentication method, device and system
US9143496B2 (en) Device authentication using device environment information
CN104506487B (en) The credible execution method of privacy policy under cloud environment
CN101277193A (en) One-point entry and access system based on authentication service acting information facing to service architecture
DE112018005203T5 (en) Authentication using delegated identities
CN109165500A (en) A kind of single sign-on authentication system and method based on cross-domain technology
CN110557276B (en) Block chain computer room management system based on Fabric architecture
CN108377200A (en) Cloud user management method and system based on LDAP and SLURM
CN110198318A (en) A kind of container service user authen method
CN111694743A (en) Service system detection method and device
ShuLin et al. Research on unified authentication and authorization in microservice architecture
CN108170510A (en) A kind of managing computing resources system based on virtualization technology
Wang et al. On-chain and off-chain collaborative management system based on consortium blockchain
CN102412969B (en) Method for carrying out authentication by remotely using certificate and secret key, apparatus and system thereof
CN104994086B (en) A kind of control method and device of data-base cluster permission
Chen et al. A self-sovereign decentralized identity platform based on blockchain
CN112291244A (en) Multi-tenant method for industrial production data real-time processing platform system
CN114785526B (en) Multi-user multi-batch weight distribution calculation and storage processing system based on block chain
Chen et al. Design of web service single sign-on based on ticket and assertion

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170201

RJ01 Rejection of invention patent application after publication