Authentication and authorization

A Comparison of European and American Digital Resource Access Management Federations and the Operation of Their Shibboleth Systems

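No. 4
Journal 大學圖書館 (University Library)
Year 2011
Month of publication March
Volume/Issue Vol.15 No.1
Author 張迺貞 (Naicheng Chang); 陳麗美 (Limei Chen)
Author's affiliation Assistant Professor, General Education Center, Tatung University; Librarian, Institute of Earth Sciences, Academia Sinica
Abstract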

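To improve the management of access to digital resources, the Shibboleth access management system developed by Internet2 in the United States has gradually been adopted by many developed countries. Shibboleth is a standards-based, open-source software package that provides an architecture for web Single Sign-On (SSO) and attribute exchange within or across institutions. It allows websites, when an individual accesses online digital resources, to use a single, institution-controlled identification method and to make informed authorization decisions in a privacy-preserving manner, so that users can seamlessly access resources inside and outside their institution. This reduces the current need for users of multiple resources in different domains to be confined to one campus or to maintain multiple passwords, and it simplifies identity management and access permissions for identity providers and service providers. This study analyzes and compares the federation organizations of four countries (the United Kingdom, the United States, Australia, and Switzerland) together with the technologies and policies they have adopted, and on that basis offers recommendations for planning a digital resource access management federation in Taiwan.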

Keywords Access management; Authentication and authorization
Pages 68-86
DOI 10.6146/univj.2011.15-1.04
Review
Title A Comparative Study of Using Shibboleth for Access Management for Electronic Resources in Europe and the US
Author Naicheng Chang;Limei Chen
Author's title Assistant Professor, General Education Center, Tatung University;Librarian, the Institute of Earth Sciences, Academia Sinica
Abstract

To solve electronic access problems, Shibboleth was developed by Internet2 in the U.S.A., and it has become an emerging solution for access management of electronic resources in a growing number of developed countries. The Shibboleth system is a standards-based, open-source software package for web Single Sign-On (SSO) across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access to protected online resources in a privacy-preserving manner, and it simplifies identity management and access permissions for Identity Providers (IdPs) and Service Providers (SPs). This study compares the organizational structures, technologies and policies adopted by four federations: InCommon (USA), UK Federation, Australian Federation, and SWITCHaai (Switzerland). The comparison leads to further analysis and suggestions for a federation system model for future development of digital archives in Taiwan.

Keywords Access management; Authentication and authorization; Shibboleth
DOI 10.6146/univj.2011.15-1.04