
Distributed system authentication and permission management platform based on XACML and SAML under big data environment

A distributed-system authentication and rights management technology, applied in transmission systems, electrical components, etc., that addresses problems such as poor portability, messy authentication and authorization, and user role/authority conflicts, enhancing scalability and making up for security problems.

Active Publication Date: 2017-03-22
东台城东科技创业园管理有限公司

AI Technical Summary

Problems solved by technology

Therefore, in a distributed system, the authentication and authorization of users across different systems becomes very messy. Different login methods, user role/permission conflicts, and account management place a heavy burden on system administrators and lead to a series of problems such as complex fine-grained permission management, inconvenient cross-domain access for users, and poor system scalability and portability.


Examples


Embodiment 1

[0049] The XACML- and SAML-based distributed system authentication and authority management platform for big data environments of the present invention is, as shown in Figure 1, mainly composed in hardware of a client, a SAML processing server, a subsystem XACML server, and a business processing system server. The client can be a computer, mobile phone, tablet, etc.; the SAML processing server can be a Dell R730 with dual CPUs, a 300G data-center-level solid-state drive, 32G memory, and a Raid5 array; the subsystem XACML server can be a Dell R730 with dual CPUs, a 600G data-center-level solid-state drive, 64G memory, and a Raid5 array; the business processing system server can be a Dell R730 with dual CPUs, a 600G data-center-level solid-state drive, 64G memory, and a Raid5 array. In operation, the client sends a cross-domain request to the SAML processing server, the SAML processing server returns the user's account status information to the subsystem XACML server, and the user directl...

Embodiment 2

[0063] Using the XACML- and SAML-based distributed system authentication and authority management platform for big data environments of Embodiment 1, this embodiment provides the overall design of an enterprise big data distributed application example platform. The authorization management module, cross-domain authentication management module, personnel management module, menu management module, and log management module are implemented, and the key technologies and algorithms involved are introduced in detail.

[0064] 1) Institutional management

[0065] Maintenance of department-role information is implemented in the organization management module. In the system, users do not deal with roles directly: a user who belongs to a specific department also has that department's role information. Each department can see the function menus that fall within its authority.

[0066] When the authority of the depa...


Abstract

The invention discloses a distributed system authentication and permission management platform based on XACML and SAML for a big data environment. The platform comprises a cross-domain authentication management module, an authorization management module, an organizational management module, a personnel management module, a menu management module and a log management module. The cross-domain authentication management module is deployed on a SAML processing server, the authorization management module is deployed on a subsystem XACML server, and the organizational management module, the personnel management module, the menu management module and the log management module are all deployed on a business processing system server. The platform uses XACML to perform authorization and access control on a user, and authenticates the identity of the user through SAML cross-domain data interaction. User permission is limited by reading the user's XACML file and using an XACML framework based on an RBAC access control module, which greatly enhances authorization at user granularity. In a distributed system, the different platforms provide assertions by exchanging SAML information, so that information transmission between the platforms is more secure and the volume of data transmitted is smaller.
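The department-to-role model of Embodiment 2 and the RBAC-based XACML decision described in the abstract can be illustrated as follows. This is an added example, not code from the patent: the department, role and menu names, the `account_status` value `"active"`, the rule layout and the choice of a deny-overrides combining algorithm are all assumptions, and the `asserted` dictionary stands in for attributes taken from a SAML assertion that has already been validated.

```python
# Added example: XACML-style decision over department-derived roles.
# Every department, role, menu and rule below is constructed for illustration.
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Department -> roles. Users are never assigned roles directly.
DEPARTMENT_ROLES = {
    "finance": {"ledger-clerk"},
    "audit": {"ledger-clerk", "auditor"},
}

# Rules: (effect, role, action, menu). "*" matches any menu.
RULES = [
    (PERMIT, "ledger-clerk", "view", "ledger"),
    (PERMIT, "ledger-clerk", "edit", "ledger"),
    (PERMIT, "auditor", "view", "*"),
    (DENY, "auditor", "edit", "*"),  # auditors stay read-only
]

def evaluate(roles, action, menu):
    """Decision point: combine all matching rules with deny-overrides."""
    decision = NOT_APPLICABLE
    for effect, role, rule_action, rule_menu in RULES:
        if role in roles and rule_action == action and rule_menu in ("*", menu):
            if effect == DENY:
                return DENY  # one matching Deny wins over any Permit
            decision = PERMIT
    return decision

def authorize(asserted, action, menu):
    """Enforcement point. `asserted` holds attributes from an assertion
    whose signature, audience and expiry were checked elsewhere (assumed)."""
    if asserted.get("account_status") != "active":
        return False
    roles = DEPARTMENT_ROLES.get(asserted.get("department"), set())
    # Deny-biased: NotApplicable is refused, not silently allowed.
    return evaluate(roles, action, menu) == PERMIT

def visible_menus(asserted, menus):
    """Function menus the user's department is allowed to view."""
    return [m for m in menus if authorize(asserted, "view", m)]
```

A department holding two roles with conflicting rules (here `audit`, which can edit the ledger as `ledger-clerk` but is denied edits as `auditor`) resolves to Deny, which is one way to handle the role/permission conflicts the page mentions.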

Description

Technical field

[0001] The invention relates to the technical field of distributed platform management in a big data environment, in particular to a distributed system authentication and authority management platform based on XACML and SAML in a big data environment.

Background technique

[0002] In today's big data distributed system applications of some large enterprises, the distributed structure is relatively complex, and each application system uses different authorization and access control methods, and adopts different security strategies. For different application systems, storage and interaction between data, such as account management, login, personnel organization management, access control authorization, cross-domain authentication, etc. As applications become more complex, managing this information becomes more complex and difficult to control. Different users correspond to different application systems, and different application systems only perform authentica...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/06, H04L63/0815, H04L63/0892, H04L63/10, H04L67/02, H04L67/10
Inventor: 孙立焦微玲吕祥孙伟华
Owner: 东台城东科技创业园管理有限公司