电子政务门户中SSO接口的设计与实现
|
摘要
目前,政府各个部门的业务系统各自为政,相互之间缺少信息资源共享和业务协同,造成了所谓的“信息孤岛”;另外,业务系统间存在安全边界,造成用户在访问不同应用系统时需要多次输入用户名和口令,导致用户不便,同时带来安全问题。因此,整合政务信息资源,实现信息共享,建立部门间业务协同,对消除“信息孤岛”,实现“一点登录、多点漫游”,加强与民交流,体现个性化服务,促进服务型政府建设显得尤为重要。
本论文的研究是建立在一个湖北省政务门户项目的基础之上。针对湖北省电子政务现状,遵循“整合原有系统,集成后续应用”的原则,制定了政务门户实施方案;针对政务门户的核心功能模块——单点登录,研究比较了当前几种单点登录实现模型,结合系统整体设计思想及现状,提出采用基于经纪人的单点登录模型;剖析其工作原理机制,本文提出了一种系统整体单点登录设计方案,设计了其详细流程;并对单点登录设计中的安全问题,提出采用3DES在应用层对关键信息进行加解密:针对湖北省政务门户中的应用系统集成问题,详细设计了应用系统集成规范;最后,通过单点登录在湖北省政务门户中的具体实现及效果,验证了本文研究的有效性和可行性。
本文主要工作在于建立一套基于经纪人的单点登录模型,在实际运用当中,通过重定向和数据加密技术来实现其功能并整合集成业务应用系统,对于实现电子政务信息资源共享、促进部门业务系统间的业务协同、为进一步实现系统决策支持和实现部门垂直业务通道提供支撑,在电子政务建设中具有重要的指导意义和参考价值。
At present, the business system in the government departments has been separated into fragmented operational systems, and lacks mutual share of information resources and operational synergies. They result in the so-called "islands of information". In addition, there are secure borders existed in which causes users to need to enter a user name and correspording password while accessing different applications and this makes users inconvenient and also brings security issues. Therefore, the integration of government information resources, information share and the establishment of inter-business coordination, will play important roles in eliminating "information islands", realizing "that logged more roaming", strengthening exchanges with the people, reflecting personalized services, and promoting a service-oriented government, it is particularly important to the building.
In this paper, the study is based on a project in Hubei Province chief portal foundation. According to the actuality of Hubei e-government and the "integration of legacy systems, integrated follow-up application" principle, the solution of the chiefportal considering of the core functional module------Single Sign-on in chief portal,SSO model based on the broker is proposed after comparing the current several SSO models, which is combind with the overall system design idea and the current department. By analyzing its mechanism principle, SSO design in the overall system is given and the detailed design process is shown in this paper. For confirming the safety in single sign-on 3DES key information the Application Layer in issused to encrypt and decrypt. Considering of the application integeration problem in the Hubei Provincial Chief portal, the application system integration specification is designed in detail. Finally, the SSO in Hubei Province Chief portal is implemented, and its running and effects show the effectiveness and feasibility of this method.
In this paper, the main work lies in the establishment of SSO based on the broker model. In practical application, to realize their functional integrated business applications and integrated systems through redirection and data encryption technology, the realization of e-Government will play an important guiding role and value in the sharing information, promoting the business coordination of departments, realizing the further decision support systems and the vertical business channel among departments.
本论文的研究是建立在一个湖北省政务门户项目的基础之上。针对湖北省电子政务现状,遵循“整合原有系统,集成后续应用”的原则,制定了政务门户实施方案;针对政务门户的核心功能模块——单点登录,研究比较了当前几种单点登录实现模型,结合系统整体设计思想及现状,提出采用基于经纪人的单点登录模型;剖析其工作原理机制,本文提出了一种系统整体单点登录设计方案,设计了其详细流程;并对单点登录设计中的安全问题,提出采用3DES在应用层对关键信息进行加解密:针对湖北省政务门户中的应用系统集成问题,详细设计了应用系统集成规范;最后,通过单点登录在湖北省政务门户中的具体实现及效果,验证了本文研究的有效性和可行性。
本文主要工作在于建立一套基于经纪人的单点登录模型,在实际运用当中,通过重定向和数据加密技术来实现其功能并整合集成业务应用系统,对于实现电子政务信息资源共享、促进部门业务系统间的业务协同、为进一步实现系统决策支持和实现部门垂直业务通道提供支撑,在电子政务建设中具有重要的指导意义和参考价值。
At present, the business system in the government departments has been separated into fragmented operational systems, and lacks mutual share of information resources and operational synergies. They result in the so-called "islands of information". In addition, there are secure borders existed in which causes users to need to enter a user name and correspording password while accessing different applications and this makes users inconvenient and also brings security issues. Therefore, the integration of government information resources, information share and the establishment of inter-business coordination, will play important roles in eliminating "information islands", realizing "that logged more roaming", strengthening exchanges with the people, reflecting personalized services, and promoting a service-oriented government, it is particularly important to the building.
In this paper, the study is based on a project in Hubei Province chief portal foundation. According to the actuality of Hubei e-government and the "integration of legacy systems, integrated follow-up application" principle, the solution of the chiefportal considering of the core functional module------Single Sign-on in chief portal,SSO model based on the broker is proposed after comparing the current several SSO models, which is combind with the overall system design idea and the current department. By analyzing its mechanism principle, SSO design in the overall system is given and the detailed design process is shown in this paper. For confirming the safety in single sign-on 3DES key information the Application Layer in issused to encrypt and decrypt. Considering of the application integeration problem in the Hubei Provincial Chief portal, the application system integration specification is designed in detail. Finally, the SSO in Hubei Province Chief portal is implemented, and its running and effects show the effectiveness and feasibility of this method.
In this paper, the main work lies in the establishment of SSO based on the broker model. In practical application, to realize their functional integrated business applications and integrated systems through redirection and data encryption technology, the realization of e-Government will play an important guiding role and value in the sharing information, promoting the business coordination of departments, realizing the further decision support systems and the vertical business channel among departments.
引文
属性不符
[14]Tierui Chen,Bin B.Zhu,Shipeng Li,Xueqi Cheng.《ThresPassport-A Distributed Single Sign-On Service》.Proceedings of the International Conference on Intelligent Computing,Part 2LNCS 3645,2005:771-780
[15]A.Pashalidis and C.J.Mitchell.《A Taxonomy of Single Sign-On Systems》.8~(th)Australasian Conf.Info.Security and Privacy(ACISP)2003,Wollongong,Australia,July 9-11,2003,Safavi-Naini andJ.Seberry(eds.),LNCS vol.2727,Springer-Verlag,July 2003:249-264
[16]陈勇跃《电子政务信息资源整合研究》硕士学位论文 武汉大学 2005年
[17]Calvin M.L.Chan,YiMeng Lau,Shan L.Pan 《E-government implementation:A macro analysis of Singapore's e-government initiatives》 ScienceDirect Government Information Quarterly 25(2008)239-255
[18]邱惠君,由鲜举,黄鹏《国外电子政务建设现状与启示》(信息产业部电子科技情报研究所北京 100041)
[19]邓军《单点登录在电子政务中的研究与应用》硕士学位论文 湖南大学 2006年
[20]刘颖《我国电子政务建设发展现状与预测》 2005-05-3当代通信
[21]Wanhua XU.《Local E-government in China:A Study in the Context of Adminktration》 The Fifth Wuhan International Conference on E-Business--e-Business Track 985
[22]LiuYinbin,Liu jie.《How E-Government Helps Combat Corruption in Developing Countries》The Third Wuhan International Conference On E-Business 20040604 392-399
[23]Jane B-ket-ramarat 《E-Government Finance in China》 Statistical Reports on the Intenret Development in China The 15th Survey Report http://www.conic.uet.cn/download/2005/2005012701.pdf
[24]《2006-2020年国家信息化发展战略》新华网2006年05月08日http://news.xinhuanet.com/newscenter/2006-05/08/content_4522878.htm
[25]Jian Anna Xiong 《Current status and needs of Chinese e-government users》 Chinese e-government users The Electronic Library Vol.24 No.6,2006.747-762
[26]《全国电子政务工作座谈会召开》国务院办公厅2006年6月20日
[27][2002]17号文《国家信息化领导小组关于我国电子政务建设指导意见》中办发
[28]Liu H Z.Li L.Zhu A H.The Discussiou of Crid Security Problem[J]Microcomputer Develop ment,2004,14(2):114-116
[29]http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpguide/html/cpconcom monlanguageruntimeoverview.asp
[30]http://www.microsoft.com/china/office/sharepoint/prodinfo/default.mspx
[31]Chong Fu,Huiyan Jiang,HuiLi,Weiyong Zhu 《An Efficient Implementation of RSA Digital Signature Algorithm》 The Fifth Wuhan International Conference on E-Business-e-Business Track 143-147
[32]http://www.hbca.org.cn/cl.jsp
[33]YIN Yong,LI Yu Article ID:1007-1202(2006)06-1414-05 《Security Considerations Based on PKI/CAin Manufacturing Grid》 Wuhan University Journal of Natural Sciences Vol.11 No.6 2006
[34]Kaining Lu,Xiangyun Tu,Jun Zou 《Design And Implemention of DHCP&LDAP Directory Service Integrated Management System》2002成都国际通信线路系统会议20020629 758-762
[35]《目录服务规范》2005年5月中华人民共和国科学技术部发布
[36]杨飞《梳理门户》湖北省信息化月刊2007.3
[37]http://www.capnet.net.cn/kfzx/cjwt-yj2.asp
[38]Martin Stadler Teradyne GmbH 81673 Munchen,Dingolfinger Str.2 《New Method for Application Oriented Production Test of RFID Devices used In Contactless AmartCard Applications》 SEMICON China 2002 Technical Symposium 187-200
[39]http://blog.csdn.net/justionpanye/archive/2007/09/30/1807440.aspx
[40]周宏宇《校园网统一身份认证系统的设计与实现》硕士学位论文 大连理工大学 2005.3
[41]孙文静《基于网络通信的数据加密系统的应用研究》硕士学位论文 南京气象学院 2003.4
[42]OSI七层网络模型学习指南http://www.chinaitlab.com/www/techspecial/osi/
[43]吴钰锋,刘泉,李方敏《网络安全中的密码技术研究及其应用》真空电子技术2004年第6期
[44]古尚戎《.NET架程序员参考手册》常规操作篇[M]国防工业出版社 2001.10-13.
[45]吉杰,林洽欣《用三重DES加密.NET数据库连接字符串》计算机工程与设计2007.2月4期
[14]Tierui Chen,Bin B.Zhu,Shipeng Li,Xueqi Cheng.《ThresPassport-A Distributed Single Sign-On Service》.Proceedings of the International Conference on Intelligent Computing,Part 2LNCS 3645,2005:771-780
[15]A.Pashalidis and C.J.Mitchell.《A Taxonomy of Single Sign-On Systems》.8~(th)Australasian Conf.Info.Security and Privacy(ACISP)2003,Wollongong,Australia,July 9-11,2003,Safavi-Naini andJ.Seberry(eds.),LNCS vol.2727,Springer-Verlag,July 2003:249-264
[16]陈勇跃《电子政务信息资源整合研究》硕士学位论文 武汉大学 2005年
[17]Calvin M.L.Chan,YiMeng Lau,Shan L.Pan 《E-government implementation:A macro analysis of Singapore's e-government initiatives》 ScienceDirect Government Information Quarterly 25(2008)239-255
[18]邱惠君,由鲜举,黄鹏《国外电子政务建设现状与启示》(信息产业部电子科技情报研究所北京 100041)
[19]邓军《单点登录在电子政务中的研究与应用》硕士学位论文 湖南大学 2006年
[20]刘颖《我国电子政务建设发展现状与预测》 2005-05-3当代通信
[21]Wanhua XU.《Local E-government in China:A Study in the Context of Adminktration》 The Fifth Wuhan International Conference on E-Business--e-Business Track 985
[22]LiuYinbin,Liu jie.《How E-Government Helps Combat Corruption in Developing Countries》The Third Wuhan International Conference On E-Business 20040604 392-399
[23]Jane B-ket-ramarat 《E-Government Finance in China》 Statistical Reports on the Intenret Development in China The 15th Survey Report http://www.conic.uet.cn/download/2005/2005012701.pdf
[24]《2006-2020年国家信息化发展战略》新华网2006年05月08日http://news.xinhuanet.com/newscenter/2006-05/08/content_4522878.htm
[25]Jian Anna Xiong 《Current status and needs of Chinese e-government users》 Chinese e-government users The Electronic Library Vol.24 No.6,2006.747-762
[26]《全国电子政务工作座谈会召开》国务院办公厅2006年6月20日
[27][2002]17号文《国家信息化领导小组关于我国电子政务建设指导意见》中办发
[28]Liu H Z.Li L.Zhu A H.The Discussiou of Crid Security Problem[J]Microcomputer Develop ment,2004,14(2):114-116
[29]http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpguide/html/cpconcom monlanguageruntimeoverview.asp
[30]http://www.microsoft.com/china/office/sharepoint/prodinfo/default.mspx
[31]Chong Fu,Huiyan Jiang,HuiLi,Weiyong Zhu 《An Efficient Implementation of RSA Digital Signature Algorithm》 The Fifth Wuhan International Conference on E-Business-e-Business Track 143-147
[32]http://www.hbca.org.cn/cl.jsp
[33]YIN Yong,LI Yu Article ID:1007-1202(2006)06-1414-05 《Security Considerations Based on PKI/CAin Manufacturing Grid》 Wuhan University Journal of Natural Sciences Vol.11 No.6 2006
[34]Kaining Lu,Xiangyun Tu,Jun Zou 《Design And Implemention of DHCP&LDAP Directory Service Integrated Management System》2002成都国际通信线路系统会议20020629 758-762
[35]《目录服务规范》2005年5月中华人民共和国科学技术部发布
[36]杨飞《梳理门户》湖北省信息化月刊2007.3
[37]http://www.capnet.net.cn/kfzx/cjwt-yj2.asp
[38]Martin Stadler Teradyne GmbH 81673 Munchen,Dingolfinger Str.2 《New Method for Application Oriented Production Test of RFID Devices used In Contactless AmartCard Applications》 SEMICON China 2002 Technical Symposium 187-200
[39]http://blog.csdn.net/justionpanye/archive/2007/09/30/1807440.aspx
[40]周宏宇《校园网统一身份认证系统的设计与实现》硕士学位论文 大连理工大学 2005.3
[41]孙文静《基于网络通信的数据加密系统的应用研究》硕士学位论文 南京气象学院 2003.4
[42]OSI七层网络模型学习指南http://www.chinaitlab.com/www/techspecial/osi/
[43]吴钰锋,刘泉,李方敏《网络安全中的密码技术研究及其应用》真空电子技术2004年第6期
[44]古尚戎《.NET架程序员参考手册》常规操作篇[M]国防工业出版社 2001.10-13.
[45]吉杰,林洽欣《用三重DES加密.NET数据库连接字符串》计算机工程与设计2007.2月4期