Title :
Construct cross-domain authentication and authorization in CNGI networks
Author :
Chen Huang ; Zhong-Xian Li ; Yi-Xian Yang
Author_Institution :
Inf. Security Center, Beijing Univ. of Posts & Telecommun., Beijing
Abstract :
This paper presents a novel scheme about cross- domain authentication and authorization middleware technology based on SAML (security assertion markup language) and XACML (extensible access control markup language). The middleware was constructed in CNGI (China next generation Internet) networks to demonstrate the advantage of unified infrastructure. It was built through integration with IdP (identity provider), SP (service provider) and DT (DigitalTrust) software products. Not only are the brief architecture and process of the middleware described in the paper, but also many useful experiences are summarized and suggestions are shared by us, the actual builders. Consequently, one kind of identity and privilege exchange mechanism was put into practical application. The unified management and deployment model would be a good example for consideration by future developers.
Keywords :
authorisation; middleware; security of data; CNGI networks; China next generation Internet; DigitalTrust; authorization middleware technology; cross-domain authentication; extensible access control markup language; identity provider; security assertion markup language; service provider; Authentication; Authorization; Information security; Markup languages; Middleware; Open source software; Protocols; Safety; Standardization; XML;
Conference_Titel :
Industrial Electronics and Applications, 2008. ICIEA 2008. 3rd IEEE Conference on
Conference_Location :
Singapore
Print_ISBN :
978-1-4244-1717-9
Electronic_ISBN :
978-1-4244-1718-6
DOI :
10.1109/ICIEA.2008.4582756
