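Research and Application of a Distributed Cross-Domain Single Sign-On Model
Published: 2018-05-29 08:05
Topic of this paper: unified identity authentication + single sign-on; Reference: Shanghai Jiao Tong University, 2014 master's thesis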
[Abstract]: With the development of the Internet, network applications continue to spread and enterprises are becoming ever more deeply computerized. Enterprises large and small, as well as government agencies, have begun to use information systems for their daily work, including office automation (OA) systems, financial management systems, archive management systems, project management systems and various specialized, purpose-built information systems. As the number of information systems grows, users have to remember more usernames and passwords. Reusing the same account and password introduces a security risk, so single sign-on and unified user management are bound to become the trend. Single sign-on is a technology that provides "log in once, access many times" across different systems: the user actively authenticates only once and can then access the resources they are authorized to use without authenticating again.

As network technology has matured, a number of fairly mature single sign-on solutions have appeared. These include open-source solutions that are easy to implement and free to obtain, as well as commercial solutions with a good user experience and high security. However, given the differing business requirements and varied network architectures of enterprises, any single sign-on solution, open-source or commercial, has to be customized to the enterprise's business situation. Take China's aviation design and manufacturing industry as an example: the industry started late, its projects have long cycles, wide scope and complex business models, and user requirements emerge gradually over the full product life cycle. That life cycle includes the pre-definition phase, the preliminary design phase, the detailed design phase, the full-scale trial production phase, the airworthiness certification phase, and the final trial production, batch production and after-sales phases. Users focus on different things in each phase, so the information systems deployed for them must be coordinated across disciplines, across regions and across multiple environments. In particular, where many scattered application systems already exist, how to integrate enterprise resources with the best scheme and achieve unified user management and single sign-on is the primary concern of project implementation. Implementing single sign-on and unified user management therefore faces considerable challenges.

This thesis takes single sign-on and unified user management in the aviation design and manufacturing industry as its object of study, seeking a general solution that can serve as a reference for computerization in other industries. It surveys the current state of single sign-on technology in China and abroad and the mature commercial products now on the market, and compares their strengths and weaknesses. It also discusses the technical principles relevant to the research, including single sign-on technology, the principles of cross-domain access, and distributed systems. This work serves to find a solution matching the research goals and to prepare the technical ground for the design of the distributed cross-domain single sign-on model. The main work of the thesis is as follows:

1) It analyzes the current state of computerization in the aviation design and manufacturing industry and states the system requirements: make maximum use of existing resources to achieve unified user management, improve the user experience, ensure data security, and make the result worth wider adoption.

2) It models the business model, system requirements and system architecture in the Unified Modeling Language (UML) and distills from them the distributed cross-domain single sign-on model. The stated goal of the model is to integrate existing application systems in a heterogeneous, cross-domain environment and achieve single sign-on and unified user management at minimal modification cost.

3) It uses IBM's commercial product TAM (Tivoli Access Manager) to implement cross-domain single sign-on and mutual authentication trust among multiple authentication centers, ensuring a good single sign-on user experience. The organization and user management functions and the user information synchronization function are all implemented with custom code. The thesis uses Web Service technology to synchronize organization and user information among the authentication centers and between the authentication centers and the application systems.

4) Following the model's design requirements, one business system is selected for implementation in order to verify the correctness and feasibility of the proposed cross-domain single sign-on model. Functional and performance tests simulate add, delete and modify operations on organization and user information, to test whether the real-time synchronization between the authentication center and the sub-centers, and the scheduled synchronization between the authentication sub-centers and the required target application systems, meet the design requirements. With 200 concurrent users, CPU usage for single sign-on is below 70%, which meets the performance standard.

The test results show that the system meets user requirements in both functional and non-functional respects. The system has gone into production; during operation it has shown good security and stability, and user satisfaction has improved. This shows that the distributed cross-domain single sign-on model is suitable for achieving unified user management and single sign-on in the aviation design and manufacturing industry.
[Degree-granting institution]: Shanghai Jiao Tong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08