跨網域之校務單一登入系統

Abstract

隨著網際網路的急速發展，教育行政部門為了提供多元化的網路服務，紛紛開發以網頁為基礎的應用程式(Web-Based Application)來滿足使用者需求，但因每個網站系統開發平台或語言的不同，因此擁有各自的安全認證的機制，導致使用者在取得每一項服務前，均需提供系統不同的登入帳號、密碼等相關資訊，這對使用者來說是相當不便的；相對的，若使用者把所有服務網站的帳號、密碼都設成一樣，在安全上將會有相當大的風險。再者，國小行政人員每學年的工作通常都會有所調整及異動，面臨眾多網站的服務，行政人員往往無法有效管理登入的帳號及密碼，造成業務移交不順利。 本研究將針對以上問題，提出一種以網頁為基礎，且能達到跨網域之校務單一登入系統(Cross Domain School Administrative-affair Single sign-on System,CDSASS)，讓使用者只要通過一次身分認證，就可以取得不同網站系統的服務，而不需要再重複身分驗證的動作。另外，我們依照國小的行政運作體制，以角色為基礎的存取控制（Role_Based Access Control,RBAC）整合使用者、群組、團隊與角色的對應關係，讓業務帳號、密碼移交能夠更順利、簡便且任務執行上也更有效率。

With the rapid development of the Internet, educational and administrative departments in order to provide a wide range of Internet services, have developed a web-based applications to meet the needs of users, but each site or system development platform for the different language, have their own security authentication mechanisms, leading users to get each of the services, required a different account, password and other information, which the user is very inconvenient; As to, if all users of the site services account, password are set to the same, the security will be considerable risks. Furthermore, the primary school administrative staff of each school year, the work will normally be adjusted and changes facing the many sites of service, executives are often unable to effectively manage the login ID and password, resulting in the transfer of business is not smooth. This study will address the above problems, propose a web-based, and can achieve Cross Domain School Administrative-affair Single sign-on System. Let users only pass an identity authentication,can obtain the services of different sites, and does not need to repeat movements that the identity verifies again. In addition, we are according to the administrative operation system of the primary school, role-based access control combine users, groups, teams and corresponding relation of role, let business accounts, passwords to transfer more smooth and Easily, on the implementation of tasks more efficient.