本文選題：統(tǒng)一身份認(rèn)證 + 單點(diǎn)登錄��； 參考：《上海交通大學(xué)》2014年碩士論文

【摘要】：隨著互聯(lián)網(wǎng)的發(fā)展,網(wǎng)絡(luò)應(yīng)用不斷推廣,企業(yè)信息化程度也越來(lái)越深入。不論是大小企業(yè)還是政府機(jī)關(guān)都開(kāi)始使用信息化系統(tǒng)來(lái)完成日常的工作,包括辦公自動(dòng)化系統(tǒng)(OA)、財(cái)務(wù)管理系統(tǒng)、檔案管理系統(tǒng)、項(xiàng)目管理系統(tǒng)以及一些專(zhuān)業(yè)專(zhuān)用的信息系統(tǒng)等等。由于信息化系統(tǒng)的增多,致使用戶(hù)需要記憶更多的用戶(hù)名與密碼。若使用相同的賬號(hào)密碼則會(huì)帶來(lái)安全隱患,因此單點(diǎn)登錄與統(tǒng)一用戶(hù)管理必然成為發(fā)展趨勢(shì)。單點(diǎn)登錄技術(shù)是一種解決不同系統(tǒng)之間一次登錄,多次訪問(wèn)的技術(shù)。用戶(hù)只需要主動(dòng)地進(jìn)行一次身份認(rèn)證,就可以訪問(wèn)其被授權(quán)使用的資源而不需要再次認(rèn)證。隨著網(wǎng)絡(luò)技術(shù)的不斷完善,單點(diǎn)登錄技術(shù)目前已經(jīng)有不少比較成熟的解決方案。其中既有實(shí)現(xiàn)便捷,免費(fèi)獲取的開(kāi)源方案,也有用戶(hù)體驗(yàn)好、安全性高的商用解決方案。然而對(duì)于企業(yè)不同的業(yè)務(wù)需求,多樣的網(wǎng)絡(luò)架構(gòu),無(wú)論是開(kāi)源的還是商用的單點(diǎn)登錄解決方案,都需要根據(jù)企業(yè)的業(yè)務(wù)情況進(jìn)行定制。以我國(guó)的航空設(shè)計(jì)制造業(yè)為例,我國(guó)的航空工業(yè)起步較晚,項(xiàng)目周期長(zhǎng),涉及范圍廣,業(yè)務(wù)模式復(fù)雜,用戶(hù)的需求也隨著產(chǎn)品的全生命周期過(guò)程而逐漸提出。包括預(yù)定義階段、初步設(shè)計(jì)階段,詳細(xì)設(shè)計(jì)階段、全面試制階段、適航取證階段,以及最后的試制、批產(chǎn)和售后階段。這些階段用戶(hù)關(guān)注的內(nèi)容都不盡相同,據(jù)此實(shí)施的各類(lèi)信息化系統(tǒng)都需要跨專(zhuān)業(yè)、跨地域、多環(huán)境下的協(xié)調(diào)。尤其是在已有眾多分散的應(yīng)用系統(tǒng)的情況下,如何以最優(yōu)的方案整合企業(yè)資源,實(shí)現(xiàn)統(tǒng)一的用戶(hù)管理與單點(diǎn)登錄,這是項(xiàng)目實(shí)施首要關(guān)注的問(wèn)題。因此實(shí)施單點(diǎn)登錄與統(tǒng)一用戶(hù)管理面臨著很大的挑戰(zhàn)。本論文以航空設(shè)計(jì)制造業(yè)單點(diǎn)登錄與統(tǒng)一用戶(hù)管理作為研究對(duì)象進(jìn)行探討,以尋求一種通用的解決方案,為其他行業(yè)的信息化提供參考。論文研究了國(guó)內(nèi)外單點(diǎn)登錄技術(shù)的現(xiàn)狀以及目前市場(chǎng)上成熟的商業(yè)產(chǎn)品,并比較其優(yōu)缺點(diǎn)。同時(shí)對(duì)論文研究涉及的相關(guān)技術(shù)原理進(jìn)行了探討,包括單點(diǎn)登錄技術(shù)、跨域訪問(wèn)原理、分布式系統(tǒng)。這些工作主要是為了根據(jù)論文的研究目標(biāo)尋求解決方案,為分布式跨域單點(diǎn)登錄模型的設(shè)計(jì)做技術(shù)準(zhǔn)備。本論文的主要工作內(nèi)容如下:1)分析航空設(shè)計(jì)制造業(yè)的信息化現(xiàn)狀,提出系統(tǒng)需求:最大程度上利用現(xiàn)有資源實(shí)現(xiàn)統(tǒng)一用戶(hù)管理,改善用戶(hù)使用體驗(yàn),保證數(shù)據(jù)安全,使其具備推廣價(jià)值。2)從業(yè)務(wù)模型、系統(tǒng)需求與系統(tǒng)架構(gòu)等方面使用UML統(tǒng)一建模語(yǔ)言進(jìn)行建模,提煉出分布式跨域單點(diǎn)登錄模型。論文提出模型實(shí)現(xiàn)的目標(biāo)是:在異構(gòu)的、跨域環(huán)境中,將現(xiàn)有應(yīng)用系統(tǒng)整合起來(lái),以最小的改造代價(jià)實(shí)現(xiàn)單點(diǎn)登錄與統(tǒng)一用戶(hù)管理。3)采用IBM的商用產(chǎn)品TAM(Tivoli Access Manager)實(shí)現(xiàn)跨域單點(diǎn)登錄功能,以及多個(gè)認(rèn)證中心間的認(rèn)證互信,以確保良好的單點(diǎn)登錄用戶(hù)體驗(yàn)。組織、用戶(hù)管理功能、用戶(hù)信息同步功能均通過(guò)自行編碼實(shí)現(xiàn)。論文利用Web Service技術(shù)來(lái)解決多個(gè)認(rèn)證中心之間、以及認(rèn)證中心與應(yīng)用系統(tǒng)之間的組織、用戶(hù)信息同步的問(wèn)題。4)根據(jù)模型設(shè)計(jì)要求,選取一個(gè)業(yè)務(wù)系統(tǒng)進(jìn)行實(shí)施,以驗(yàn)證本論文所提出的跨域單點(diǎn)登錄模型的正確性與可行性。通過(guò)對(duì)系統(tǒng)進(jìn)行功能測(cè)試和性能測(cè)試,模擬組織、用戶(hù)信息的增刪改操作,測(cè)試認(rèn)證中心與分中心之間的實(shí)時(shí)同步功能,以及認(rèn)證分中心與所要求的目標(biāo)應(yīng)用系統(tǒng)之間的定時(shí)同步功能是否達(dá)到設(shè)計(jì)要求。單點(diǎn)登錄的性能在并發(fā)用戶(hù)兩百的情況下,CPU使用率小于70%,符合性能標(biāo)準(zhǔn)。測(cè)試結(jié)果表明該系統(tǒng)在功能及非功能方面均滿(mǎn)足了用戶(hù)需求。系統(tǒng)已上線(xiàn)運(yùn)行,在運(yùn)行期間,系統(tǒng)表現(xiàn)出良好的安全性與穩(wěn)定性,用戶(hù)滿(mǎn)意度也有所提高。這說(shuō)明分布式跨域單點(diǎn)登錄模型在航空設(shè)計(jì)制造業(yè)實(shí)現(xiàn)統(tǒng)一用戶(hù)管理和單點(diǎn)登錄是適用的。
[Abstract]:With the development of the Internet, the application of the network has been popularized, and the degree of enterprise information is becoming more and more in-depth. Both the large and small enterprises and government agencies have started to use the information system to complete the daily work, including the office automation system (OA), the financial management system, the archives management system, the project management system and some specialized specialties. Information systems and so on. Because of the increase of information system, users need to remember more username and password. If using the same account password will bring security risks, single sign on and unified user management will inevitably become a development trend. Single sign on technology is a solution of one login and multiple access between different systems. Technology. Users only need to actively carry out an identity authentication to access their authorized resources without re authentication. With the continuous improvement of network technology, there are many mature solutions to single sign on technology. There are both convenient and free access to open source solutions, and user experience. Good, high security commercial solutions. However, for the different business needs of the enterprise, a variety of network architectures, both open source and commercial single sign on solutions, need to be customized according to the business conditions of the enterprise. For example, China's aviation industry is late and the project cycle is long. It has a wide range and complex business model, and the needs of users are also gradually proposed with the whole life cycle of the product. It includes predefined phase, preliminary design phase, detailed design phase, comprehensive trial stage, seaworthiness forensics stage, and final trial system, batch production and post sale stage. All kinds of information systems that are implemented need cross professional, cross regional and multi environment coordination. Especially in the case of many distributed application systems, how to integrate the enterprise resources with the best scheme and realize the unified user management and single sign on is the main concern of the project. Therefore, the implementation of single sign on and unification is carried out. One user management is facing a great challenge. This paper is based on the research object of single sign on and unified user management in aeronautical design and manufacturing, in order to seek a general solution and provide reference for other industries. The present situation of single sign on technology at home and abroad and the mature business on the market are studied in this paper. Industry products, and compare their advantages and disadvantages. At the same time, the paper discusses the relevant technical principles involved in the thesis research, including single sign on, cross domain access principle and distributed system. These work are mainly for the purpose of seeking solutions according to the research objectives of the paper. This paper is a technical preparation for the design of distributed cross domain single sign on model. The main contents are as follows: 1) analysis the information status of aviation design and manufacturing industry, and put forward the system requirements: to maximize the use of existing resources to realize unified user management, improve user experience, ensure data security, and make it have the popularization value.2) from the business model, system requirements and system architecture, such as the use of UML unified modeling. The goal of the model implementation is to integrate the existing application systems in the heterogeneous and cross domain environment, implement single sign on and unified user management.3 with the minimum cost of transformation, and use the IBM's commercial product TAM (Tivoli Access Manager) to realize cross domain single point boarding. Recording functions and authentication and mutual trust between multiple authentication centers to ensure a good single sign on user experience. Organization, user management functions, user information synchronization functions are implemented by self encoding. The paper uses Web Service technology to solve multiple authentication centers, as well as the organization between the authentication center and the application system, and user information Synchronization problem.4) according to the design requirements of the model, a business system is selected to implement the correctness and feasibility of the cross domain single sign on model proposed in this paper. Through the function test and performance test of the system, the simulation organization, the operation of user information, and the testing of the real time between the authentication center and the sub center. The synchronization function, as well as the timing synchronization function between the authentication sub center and the required target application system, meets the design requirements. The performance of single sign on is less than 70% in the case of concurrent user two hundred, which meets the performance standards. The test results show that the system meets the user requirements in both power and non functional aspects. The system has been running on line. During the operation, the system shows good security and stability, and the user satisfaction is improved. This shows that the distributed cross domain single sign on model is applicable to the implementation of unified user management and single sign on in the aviation design and manufacturing industry.
【學(xué)位授予單位】：上海交通大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 胡雅琴;;單點(diǎn)登錄技術(shù)現(xiàn)狀調(diào)查與分析[J];軟件產(chǎn)業(yè)與工程;2014年01期

相關(guān)碩士學(xué)位論文 前1條

1 趙雪霏;DGIS項(xiàng)目業(yè)主方項(xiàng)目組織管理的應(yīng)用和研究[D];上海交通大學(xué);2009年

，

本文編號(hào)：1950127