关键词: 应用服务提供商, 认证, 授权, 单点登录, 访问控制, 目录服务数据库

Abstract: To satisfy requirements from Application Service Providers (ASPs) on integrating different application systems into ASP platform, a light-weighted integration method was brought forward based on the unified security authentication technology. According to the method, all users identification and authorization information were stored in a Light-weight Directory Access Protocol (LDAP) based directory database, tokens were set to keep user sessions validity, policy agents were installed to protect all the application resources, and users access to these resources were granted and controlled centrally. Combining the use of tokens and policy agents, the problem of Single Sign On (SSO) among platforms and applications, especially SSO among cross-domains, could be solved. Finally, this method has been successfully implemented in, Shanghai Telecom Ideal Biz ASP Platform Project.

Key words: application service provider, authentication, authorization, single sign on, access control, directory database