基于联盟身份认证和CALIS联合认证的图书馆资源访问方案

doi:10.3969/j.issn.1000-436x.2013.Z2.014

通信学报 ›› 2013, Vol. 34 ›› Issue (Z2): 69-73.doi: 10.3969/j.issn.1000-436x.2013.Z2.014

基于联盟身份认证和CALIS联合认证的图书馆资源访问方案

吕洁^1,²,陈萍^1,²,王文清³,张扬^1,²,张蓓^1,²

¹ 北京大学计算中心，北京 100871
² 北京大学网络与软件安全保障教育部重点实验室，北京 100871
³ 中国高等教育文献保障系统(CALIS)管理中心，北京 100871

出版日期:2013-12-25 发布日期:2017-06-16
基金资助:
国家发展改革委2011年国家信息安全专项“基于可信身份联盟和云计算的数字资源安全防护服务”基金资助项目

Library resource sharing solution based on federated authentication and CALIS unified authentication

Jie LV^1,²,Ping CHEN^1,²,Wen-qing WANG³,Yang ZHANG^1,²,Bei ZHANG^1,²

¹ Computer Center,Peking University,Beijing 100871,China
² Key Laboratory of Network and Software Security Assurance Ministry of Education,Peking University,Beijing 100871,China
³ Management Center of China Academic Library and Information System (CALIS),Beijing 100871,China

Online:2013-12-25 Published:2017-06-16
Supported by:
2011 National Information Security Special Project “A Digital Resource Security Protection Service Based on Reliable Identity Federation and Cloud Computing” Progect Funded by National Development and Reform Commission

摘要/Abstract

摘要：

针对图书馆电子资源的访问控制问题，对国际上广泛采用的联盟身份认证技术和在国内图书馆大范围部署的CALIS联合认证进行了分析，提出了将联盟身份认证与CALIS联合认证相结合的方案，井在CARSI联盟的平台上进行了开发、部署和验证，实验结果表明，联盟身份认证与 CALIS 联合认证相结合的方案可以有效、灵活地对电子资源进行访问控制。

关键词: 联盟身份认证, 访问控制, CALIS联合认证

Abstract:

To address the problem of enforcing access control for library digital resources,federated authentication technologies were analyze which are widely used in the world,and CALIS unified authentication technologies that are widely deployed in China’s libraries were also analyzed.A solution integrating federated authentication and CALIS unified authentication technologies was proposed,which was developed,deployed and tested on the test-bed of CARSI federation.Test results show the proposed solution enforces effective and flexible access control for library resources.

Key words: federated authentication, access control, CALIS unified authentication

吕洁,陈萍,王文清,张扬,张蓓. 基于联盟身份认证和CALIS联合认证的图书馆资源访问方案[J]. 通信学报, 2013, 34(Z2): 69-73.

Jie LV,Ping CHEN,Wen-qing WANG,Yang ZHANG,Bei ZHANG. Library resource sharing solution based on federated authentication and CALIS unified authentication[J]. Journal on Communications, 2013, 34(Z2): 69-73.

图/表 4

参考文献 10

[1]	RAGOUZIS N , HUGHES J , PHILPOTT R ,et al. Security assertion markup language(SAML) V2.0 technical overview[EB/OL]. . 2008.
[2]	TAKAAKI K , HIROAKI S , NORITOSHI D ,et al. Design and implementation of web forward proxy with shibboleth authentication[A]. 2011 IEEE/IPSJ 11th International Symposium on Applications and the Internet (SAINT)[C]. Munich,Germany, 2011. 321-326.
[3]	EZProxy authentication and access software[EB/OL]..
[4]	RIEGER S . Using federated identities to access IP-protected web resources in multi-customer environments[A]. 2010 Fifth International Conference on Internet and Web Applications and Services (ICIW)[C]. Ohio,USA, 2010. 478-483.
[5]	HARDING P , JOHANSSON L , KLINGENSTEIN N . Dynamic security assertion markup language:simplifying single sign-on[J]. IEEE Security ＆ Privacy, 2008,6(2): 83-85.
[6]	KOMURA T , NAGAI Y , HASHIMOTO S ,et al. Proposal of delegation using electronic certificates on single sign-on system with SAML-protocol[A]. 2009 Ninth Annual International Symposium on Applications and the Internet (SAINT)[C]. Seattle,USA, 2009. 235-238.
[7]	SATO H , NISHIMURA T . Federated authentication in a hierarchy of IdPs by using shibboleth[A]. 2011 IEEE/IPSJ 11th International Symposium on Applications and the Internet(SAINT)[C]. Munich,Germany, 2011. 327-332.
[8]	YAMAJI K , KATAOKA T , NAKAMURA M ,et al. Attribute aggregating system for shibboleth based access management federation[A]. 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT)[C]. Seoul,Korea, 2010. 281-284.
[9]	RIEGER S . User-centric identity management in heterogeneous federations[A]. 2009 Fourth International Conference on Internet and Web Applications and Services(ICIW)[C]. Cape Town,South Africa, 2009. 527-532.
[10]	Internet2 middleware architecture committee for education directory working group,eduPerson specification[EB/OL]..2013.

[1]	金伟, 李凤华, 余铭洁, 郭云川, 周紫妍, 房梁. 面向HDFS的密钥资源控制机制[J]. 通信学报, 2022, 43(9): 27-41.
[2]	梁晓艳, 杜瑞忠. IoT下CapBAC规则语义表示及其时间间隔粗糙性分析[J]. 通信学报, 2021, 42(9): 43-53.
[3]	董江涛, 闫沛文, 杜瑞忠. 雾计算中基于无配对CP-ABE可验证的访问控制方案[J]. 通信学报, 2021, 42(8): 139-150.
[4]	彭长根, 彭宗凤, 丁红发, 田有亮, 刘荣飞. 具有可撤销功能的属性协同访问控制方案[J]. 通信学报, 2021, 42(5): 75-86.
[5]	应作斌, 斯元平, 马建峰, 刘西蒙. 基于区块链的分布式EHR细粒度可追溯方案[J]. 通信学报, 2021, 42(5): 205-215.
[6]	杜瑞忠, 闫沛文, 刘妍. 雾计算中细粒度属性更新的外包计算访问控制方案[J]. 通信学报, 2021, 42(3): 160-170.
[7]	张嘉伟, 马建峰, 马卓, 李腾. 云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案[J]. 通信学报, 2021, 42(10): 81-94.
[8]	诸天逸,李凤华,金伟,郭云川,房梁,成林. 互操作性与自治性平衡的跨域访问控制策略映射[J]. 通信学报, 2020, 41(9): 29-48.
[9]	周清雷,班绍桓,韩英杰,冯峰. 针对物理访问控制的拟态防御认证方法[J]. 通信学报, 2020, 41(6): 80-87.
[10]	贾春福,哈冠雄,李瑞琪. 密文去重系统中的数据访问控制策略[J]. 通信学报, 2020, 41(5): 72-83.
[11]	付永贵,朱建明. 基于区块链的数据库访问控制机制设计[J]. 通信学报, 2020, 41(5): 130-140.
[12]	谢绒娜,李晖,史国振,郭云川. 基于属性轻量级可重构的访问控制策略[J]. 通信学报, 2020, 41(2): 112-122.
[13]	刘敖迪, 杜学绘, 王娜, 乔蕊. 基于深度学习的ABAC访问控制策略自动化生成技术[J]. 通信学报, 2020, 41(12): 8-20.
[14]	谢绒娜, 李晖, 史国振, 郭云川, 张铭, 董秀则. 基于区块链的可溯源访问控制机制[J]. 通信学报, 2020, 41(12): 82-93.
[15]	丁红发,彭长根,田有亮,向淑文. 基于演化博弈的隐私风险自适应访问控制模型[J]. 通信学报, 2019, 40(12): 9-20.

基于联盟身份认证和CALIS联合认证的图书馆资源访问方案

Library resource sharing solution based on federated authentication and CALIS unified authentication

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 10

相关文章 15

Metrics

推荐阅读 0