Author: Chiu, Chuan-Rou (邱川柔)
Title: Research on Cloud Web-Based Single Sign-On Identity Authorization (雲端身份授權之網站單一登入研究)
Advisor: Yang, Cheng-Ying (楊政穎)
Oral defense date: 2016-07-12
Degree: Master's
Institution: University of Taipei (臺北市立大學)
Department: Department of Computer Science, In-Service Master's Program
Discipline: Engineering
Field: Electrical and Information Engineering
Year of publication: 2016
Graduation academic year: 104 (2015-2016)
Language: Chinese
Pages: 78
Keywords (Chinese, translated): cloud computing, single sign-on, identity authentication and authorization, Facebook, Google, Microsoft cloud directory (Azure Active Directory), role-based access control, multi-factor authentication, OAuth, OIDC, SAML, SSL/TLS
Keywords (English): Cloud, Single Sign-On, Facebook, Google, OAuth, OIDC, SSL/TLS, SAML, RBAC, MFA
Abstract (translated from Chinese)

Facing the trend toward rapid globalization and ever-faster business cycles, enterprises use cloud strategies to extend the reach of their services and speed up their operations. The social networks Facebook and Google each have more than one billion monthly active users, and cloud services have become a key way for an organization to stand out in a fiercely competitive environment.
Given that cloud computing and social networking are the coming trend, integrating Facebook and Google social accounts with Microsoft's cloud directory service (Azure Active Directory) lets users inside and outside the enterprise log in to a website with either a social-network account or a hybrid-cloud directory account. Combining the Open Authorization (OAuth) 2.0 and OpenID Connect (OIDC) authentication and authorization protocols, the Security Assertion Markup Language (SAML) 2.0 authentication protocol, Secure Sockets Layer/Transport Layer Security (SSL/TLS) secure channels, role-based access control, and multi-factor authentication as the elements of identity authorization strengthens the availability, integrity, and confidentiality of the cloud website.
Starting from the premise of an enterprise adopting a cloud website, this study proposes a highly available, secure, and elastically scalable hybrid-cloud identity-authorization architecture for website single sign-on. It lays out a concrete evaluation procedure for the architecture and derives a rigorous set of system policies for cloud identity-authorization single sign-on. These architectural guidelines can serve as a reference for enterprises adopting cloud identity-authorization single sign-on: they remove the need for users to enter credentials repeatedly, reduce learning cost, and improve usability, productivity, and efficiency, while internally simplifying and centralizing information management and externally positioning the organization for a cloud-service business environment.
Abstract

In the coming era of high-speed networking, many enterprises are using cloud computing to strengthen their competitiveness. Cloud computing hosts a wide range of applications, including e-mail, storage, search engines, and social networking. Google provides a search engine and other services on the web, while Facebook is the best-known social networking site; each has over a billion users. To make enterprise websites convenient for those users, a Single Sign-On scheme is proposed.
Within cloud computing, the scheme integrates social-network accounts and Microsoft Azure Active Directory (AD) into one unit, so that authorized users can log in to both sites without a separate account for each. With the Open Authorization (OAuth) 2.0 and OpenID Connect (OIDC) protocols, Security Assertion Markup Language (SAML) 2.0, and Secure Sockets Layer/Transport Layer Security (SSL/TLS), a secure connection can be established between the enterprise website and the user. Users are then authorized with Role-Based Access Control (RBAC) and authenticated with Multi-Factor Authentication (MFA). Together these mechanisms raise availability, integrity, and confidentiality so that the information-security requirements are met.
This thesis concentrates on building a platform that gives enterprise users a single sign-on environment. The work integrates Microsoft Azure AD, Google and Facebook accounts, and the enterprise's on-premises AD into a single unit for Single Sign-On. To strengthen security, access control is enforced with RBAC and authentication with MFA. Finally, the thesis offers recommendations to companies that wish to build Single Sign-On on cloud computing.
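The relying-party side of the design the abstracts describe, as an added example that is not part of the thesis or of any provider's code: the enterprise website validates the OIDC ID token it receives after the social or Azure AD login, then makes an RBAC decision from the token's group claims and gates sensitive permissions on the `amr` (authentication methods) claim to enforce MFA. It assumes an HS256 shared secret so it runs offline (Google, Facebook and Azure AD sign ID tokens with RS256 and publish their keys at a JWKS endpoint, which a production relying party must fetch and cache), a hypothetical issuer URL and client_id, and a constructed group-to-role mapping; the SAML 2.0 leg of the design is not shown.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions (not from the thesis): the IdP and the relying party share an
# HS256 secret so the example runs offline. Real providers sign with RS256 and
# publish public keys at a JWKS URL; a relying party never holds their secret.
SHARED_SECRET = b"constructed-example-secret-do-not-reuse"
EXPECTED_ISSUER = "https://idp.example.test"   # hypothetical issuer URL
EXPECTED_AUDIENCE = "enterprise-web-app"       # hypothetical OAuth client_id

# RBAC layer (constructed): IdP group claim -> application roles -> permissions.
GROUP_TO_ROLES = {
    "all-employees": {"employee"},
    "hr-staff": {"employee", "hr"},
    "it-admins": {"employee", "admin"},
}
ROLE_PERMISSIONS = {
    "employee": {"read:intranet"},
    "hr": {"read:intranet", "read:payroll"},
    "admin": {"read:intranet", "read:payroll", "write:config"},
}


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_id_token(claims, secret=SHARED_SECRET):
    """Mint an HS256 JWT; stands in for the identity provider's token endpoint."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_id_token(token, expected_nonce, now=None, secret=SHARED_SECRET):
    """ID token validation as OpenID Connect Core 1.0 section 3.1.3.7 requires.

    Checks, in order: algorithm pinned by the relying party (never taken from
    the header), signature, issuer, audience, expiry, and the nonce bound to
    the login request. Raises ValueError on the first failure.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # blocks alg=none and key-confusion tricks
    expected_sig = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("wrong audience")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: replayed token or forged login response")
    return claims


def authorize(claims, permission, require_mfa=False):
    """RBAC decision over validated claims; optionally demand MFA via the amr claim.

    amr values follow RFC 8176; an IdP that enforced a second factor reports "mfa".
    """
    if require_mfa and "mfa" not in claims.get("amr", []):
        return False
    roles = set()
    for group in claims.get("groups", []):
        roles |= GROUP_TO_ROLES.get(group, set())
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in roles)


if __name__ == "__main__":
    # Constructed token for a user in the HR group who completed MFA at the IdP.
    now = 1_700_000_000
    token = sign_id_token({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "user-42",
                           "iat": now, "exp": now + 300, "nonce": "n-8f3a",
                           "amr": ["pwd", "mfa"], "groups": ["hr-staff"]})
    claims = verify_id_token(token, "n-8f3a", now=now)
    print("read:payroll with MFA:", authorize(claims, "read:payroll", require_mfa=True))  # True
    print("write:config:", authorize(claims, "write:config"))  # False
```

Two design points matter more than the crypto: the relying party pins the expected algorithm and key rather than trusting the token header, and it binds the token to the browser session through the nonce it generated when it redirected the user to the provider, which is what stops a token captured from one login from being replayed into another. Role and permission tables live in the application, so a provider can change its group names without the application's authorization policy changing underneath it.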
Table of Contents (translated from Chinese)

Certificate of Oral Defense
Acknowledgements
Abstract (Chinese)
Abstract
Table of Contents
List of Tables
List of Figures

Chapter 1 Introduction
Section 1 Research Background
Section 2 Research Motivation
Section 3 Research Objectives

Chapter 2 Literature Review
Section 1 Cloud Computing
Section 2 Communication Protocols
Section 3 Access Control
Section 4 Identity Authentication
Section 5 Single Sign-On
Section 6 Related Work

Chapter 3 Technical Analysis
Section 1 Cloud Platforms
Section 2 Authentication and Authorization Flow
Section 3 Role-Based Access Control
Section 4 Research Design

Chapter 4 Practical Application to a Cloud Website
Section 1 Research Scope
Section 2 System Architecture
Section 3 System Implementation

Chapter 5 System Evaluation
Section 1 Single Sign-On Evaluation
Section 2 Comparison with Related Work

Chapter 6 Conclusions and Recommendations
Section 1 Conclusions
Section 2 Recommendations

References