Federated environment consists of multiple domains, traditional cross domain authentication model has many defects like weak cross domain ability, overload of authentication server, cookie hidden danger and non-cross domain limitation. The paper analyzes the security risks of the current authentication model, then we propose a cross domain federal identity authentication model, which adopts the multi-agent authentication mechanism based on unified public key encryption and token active mass mechanism. The multi-agent authentication mechanism based on unified public key encryption can effectively prevent the forgery of Cookie and token, it can also improve the efficiency of cross domain access; the token mass mechanism can convert the authentication model from the passive request pattern to the active response pattern, which can shorten the transmission time. Finally, we carry out the security analysis and verification on the base of instances for the new cross domain authentication model, the results show that the improved authentication model has a higher cross domain ability and processing efficiency, meanwhile it can ensure the security of the information transmission.
[1]
Hu Chun-zhi.
Design and Implementation of CD-SSO Based on SAML
,
2012
.
[2]
Chris J. Mitchell,et al.
A Taxonomy of Single Sign-On Systems
,
2003,
ACISP.
[3]
David W. Chadwick,et al.
Federated Identity Management
,
2009,
FOSAD.
[4]
Martín Abadi,et al.
Prudent engineering practice for cryptographic protocols
,
1994,
Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.
[5]
Suziah Sulaiman,et al.
A study on threat model for federated identities in federated identity management system
,
2010,
2010 International Symposium on Information Technology.
[6]
Elisa Bertino,et al.
Establishing and protecting digital identity in federation systems
,
2005,
DIM '05.