| OpenStack 身份认证机制研究与改进 |
| |
| 引用本文: | 池亚平,王慧丽,元智博,张健,李欣. OpenStack 身份认证机制研究与改进[J]. 吉林大学学报(信息科学版), 2015, 33(6): 700-706. DOI: 10.3969/j.issn.1671-5896.2015.06.016 |
| |
| 作者姓名: | 池亚平 王慧丽 元智博 张健 李欣 |
| |
| 作者单位: | 1. 北京电子科技学院通信工程系, 北京100070; 2. 西安电子科技大学通信工程学院, 西安710071 |
| |
| 基金项目: | 中央高校基本科研业务费专项基金资助项目(YZDJ1202),中央高校基本科研业务费基金资助项目(328201537) |
| |
| 摘 要: | 针对OpenStack 认证机制缺乏细粒度鉴权、数据库利用率和数据安全性不足的问题, 在分析OpenStack 平台架构、虚拟机生成实例流程, 以及安全组件Keystone 与其他服务组件间的交互流程的基础上, 提出一个OpenStack 身份认证改进方案。该方案将LDAP(Lightweight Directory Access Protocol)、RBAC(Role-Based AccessControl)以及SSL/ TLS(Secure Sockets Layer/ Transport Layer Security)安全协议集成到Keystone 安全服务组件中,加强了OpenStack 对于用户和虚拟资源的身份管理的可扩展性和安全性。
|
| 关 键 词: | OpenStack 平台 Keystone 服务 基于角色访问控制 轻量级目录访问协议 认证机制 |
| 收稿时间: | 2015-04-24 |
Research and Improvement of OpenStack's Authorization Mechanism |
| |
| CHI Yaping,WANG Huili,YUAN Zhibo,ZHANG Jian,LI Xin. Research and Improvement of OpenStack's Authorization Mechanism[J]. Journal of Jilin University:Information Sci Ed, 2015, 33(6): 700-706. DOI: 10.3969/j.issn.1671-5896.2015.06.016 |
| |
| Authors: | CHI Yaping WANG Huili YUAN Zhibo ZHANG Jian LI Xin |
| |
| Abstract: | Based on the analysis of the interactive process between the OpenStack’s platform structure, generating process, security mechanism and other service components, an improved ID authentication project is proposed to solve the deficiency of fine-grained authentication, low-usage of database and security flaw of data. This project integrates the LDAP(Lightweight Directory Access Protocol), RBAC(Role-Based Access Control), and SSL/ TLS(Secure Sockets Layer/ Transport Layer Security) into Keystone service, which strengthens the performance of Opentack‘s cloud platform in the aspect of the extension and security of ID management. |
| |
| Keywords: | OpenStack Keystone service role-based access control(RBAC) lightweight directory access protocol(LDAP) authentication mechanism |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《吉林大学学报(信息科学版)》浏览原始摘要信息 |
|
点击此处可从《吉林大学学报(信息科学版)》下载全文 |
