Author_Institution :
Sch. of Comput. Sci. & Technol., Soochow Univ., Suzhou, China
Abstract :
Web information systems are now widely used. These systems generally provide specific service in accordance with users´ identities. To use these services, users are required to conduct identity authentication separately when logging in different web applications and systems. For the sake of security and access control, it is infeasible to use a unique common identifier and password for all systems. To achieve single sign on, we propose an authentication agent for web-based system which is called AA4WS. AA4WS can be installed in client side as a plug-in. It gets user´s POST data when first time logging in some web application system, stores the data, interacts with the authentication agent server through web service, and simulates login procedure, therefore eliminating user´s manual identity authorization and achieving unified identity authorization. AA4WS also achieves security in information storing, conveying, processing, updating and managing, and obtains efficiency as well, without adding additional service response time. AA4WS communicates with authentication agent server via web service by SOAP, making the system have characteristics of excellent generality.
Keywords :
Web services; authorisation; multi-agent systems; AA4WS; SOAP; Web information systems; access control; authentication agent; information conveying; information processing; information storing; login procedure; web service; web-based system; Access control; Authentication; Authorization; Data security; Databases; Information security; Internet; Monitoring; Web server; Web services; access control; authentication; plug in; single sign on; web service;
