基于OAuth2.1的统一认证授权框架研究.pdfVIP

个人隐私保护与网络身份认证专题 D0l:10.12379/j.issn.2096-1057.2022.09.04 »... Issue on Personal Privacy Protection and CIA 基于OAuth2・ l的统一认证授权框架研究 郭晓字 fcW1,2 i(四川大学网络空间安全学院成都610207) “四川大学网络空间安全研究院成都610207) (guoxiaoyu® stu. scu. edu. cn) Research on an OAuth2.1-based Unified Authentication and Authorization Framework Guo Xiaoyu1 and Ruan Shuhua1,2 1 {School of Cyber Science and Engineering, Sichuan University, Chengdu 610207) 2 {Cyber Science Research Institute» Sichuan University, Chengdu 610207) Abstract With the development of enterprise informatization, there are more and more applications within the enterprise. To make better the access control management of applications in the enterprise, and users can access all the applications which are authorized after logging in once, it is essential to establish a unified, effective and secure authentication and authorization system. On the basis of studying the OAuth2.1 protocol, the paper proposes an OAuth2.1-based unified authentication and authorization framework. The framework includes three aspects: authentication, authorization, and security design・ The framework includes five functional modules • user­ application authentication, OAuth2.1 authorization, usei^application data management, authority management, and security risk detection. The feasibility and safety of the framework are analyzed. The results o£ the research are shown that the framework better reflects the need of establishing a unified, effective, and safe authentication and authorization system within the enterprise, and the framework has a wide range of practical guiding significance and value for the rapid establishment of a unified authentication and authorization system within the enterprise. Key words OAuth2.1 protocol； authentication； authorization； single sign-on； security risk de