以SAML及區域屬性為基礎的權限控制

Abstract

在網路上有著許多的網路服務。一般來說，在使用者要求服務時，需要藉由伺服器做身份確認的動作。使用者可能具有不同等級的權限，而系統必需提供一個方式來做為權限的管理。在這篇論文中，我們提出一個方式，利用SAML這個W3C提出的標準來解決這個問題。藉由使用SAML，使用者可以在同一個帳號之下，利用送出的屬性，讓系統決定使用者的權限，同時使用者也可以獲得SAML帶來的單一登入便利性。

There are many web services on Internet. In general used cases, users need to be authenticated and authorized by a server before a server providing services. There may be many levels of authorities for accounts in a system and they are necessary to provide a scheme to manage the authorities of accounts for management purposes. In this thesis, we propose a method to solve this problem by using SAML, which is announced and supported by W3C alliance, as an open standard base on XML. By using SAML, people can give account different authorities that are decided by the attributes from user’s location (or other relative information). Also people would get benefits of SAML for Single sign on by building a loosely-coupled system.