DocumentCode :
599399
Title :
Authorization model of SSO for a distributed environment based on the attributes
Author :
Gaozheng Zhang ; Mengdong Chen ; Mou Shen
Author_Institution :
Beijing Key Lab. of Network Technol., Beihang Univ., Beijing, China
fYear :
2012
fDate :
10-12 Dec. 2012
Firstpage :
784
Lastpage :
789
Abstract :
With the distributed application of computer technology and its continuous development, more and more service systems provide us with information services, and each service has the general requirement of verifying permissions. At the same time, in a dynamic, loosely coupled environment, a business process will involve more than one ISP, so users face the trouble of multiple logins to complete it. Traditional user single sign-on (SSO) mechanisms have solved the trouble of users' multiple logins to complete the business [1]. However, traditional authorization is based on the role of the entity requesting access to resources, with permissions assigned either directly or indirectly to the logged-in entities or their login roles, and this cannot meet current service validation requirements; for example, we need to verify the status of the entity, the balance, the consumer grade and so on [2]. Therefore, this paper, based on an open source framework called CAS, develops a model of SSO service authorization in a distributed environment [4]. It uses XACML to achieve attribute based access control (ABAC) [3]. The model is characterized by the following three points: 1. it completes SSO in a distributed environment [4]; 2. it is able to verify data sources from different databases when completing SSO; 3. it is able to use property-based verification for more accurate authorization after authentication. These make access control more flexible, with a wider range of usage and a finer granularity of control.
Keywords :
authorisation; distributed processing; formal verification; ISP; SSO service authorization; XACML; attribute based access control; authorization model; business process; computer technology; distributed environment; information service; open source framework; property-based verification; single sign-on mechanism; Authorization; Computers; ABAC; CAS; SSO; Service Authentication;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Internet Technology And Secured Transactions, 2012 International Conference for
Conference_Location :
London
Print_ISBN :
978-1-4673-5325-0
Type :
conf
Filename :
6470925