Çѱ¹Á¤º¸Åë½ÅÇÐȸ ³í¹®Áö (Journal of the Korea Institute of Information and Communication Engineering)
Current Result Document : 2 / 2
| ÇѱÛÁ¦¸ñ(Korean Title) |
±¹³» ÀÚ¹Ù À¥ ÀÀ¿ëÀ» À§ÇÑ SAML ¼ÒÇÁÆ®¿þ¾îÀÇ °³¹ß |
| ¿µ¹®Á¦¸ñ(English Title) |
Development of SAML Software for JAVA Web Applications in Korea |
| ÀúÀÚ(Author) |
Á¶Áø¿ë
俵ÈÆ
°øÁ¤¿í
Jinyong Jo
Yeonghun Chae
JongUk Kong
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 23 NO. 09 PP. 1160 ~ 1172 (2019. 09) |
Çѱ۳»¿ë
(Korean Abstract) |
¿¬ÇÕÀÎÁõÀº ´Ù¼öÀÇ º¸¾Èµµ¸ÞÀÎ °£¿¡ Àû¿ëµÇ´Â »ç¿ëÀÚ ÀÎÁõ ¹× Àΰ¡Ã¼°èÀÌ´Ù. ¿¬±¸ ¹× ±³À° ºÐ¾ß¿¡¼ È°¿ëµÇ°í ÀÖ´Â ´Ù¼öÀÇ ±¹¿Ü À¥ ÀÀ¿ë¼ºñ½ºµéÀº Ç¥ÁØÈµÈ »ç¿ëÀÚ ÀÎÁõ¹æ½ÄÀ¸·Î SAML(Security Assertion Markup Language) ±â¹ÝÀÇ ¿¬ÇÕÀÎÁõÀ» äÅÃÇÏ°í ÀÖ´Ù. ÇÏÁö¸¸ ±¹³»´Â °ø°³ SAML ¼ÒÇÁÆ®¿þ¾î¸¦ ÀÌ¿ëÇϱâ Èûµç ƯÁ¤ À¥ ¼¹ö³ª À¥ ÀÀ¿ë ¼¹öÀÇ ½ÃÀå Á¡À¯À²ÀÌ ³ô°í ÀüÀÚÁ¤ºÎ Ç¥ÁØÇÁ·¹ÀÓ¿öÅ© ±â¹ÝÀÇ Java À¥ ÀÀ¿ëÀÌ ¸¹±â ¶§¹®¿¡ ¿¬ÇÕÀÎÁõ ±â¼úÀ» Àû¿ëÇϱ⠾î·Á¿î »óȲÀÌ´Ù. º» ³í¹®Àº Java ±â¹ÝÀÇ À¥ ÀÀ¿ë°³¹ß ȯ°æ¿¡¼ ¿¬ÇÕÀÎÁõ ±â¼úÀ» ½±°í ¾ÈÀüÇÏ°Ô È°¿ëÄÉ ÇÒ ¸ñÀûÀ¸·Î °³¹ßµÈ SAML4J ¼ÒÇÁÆ®¿þ¾î¸¦ ¼Ò°³ÇÑ´Ù. SAML4J´Â °³¹ß ÇÁ·¹ÀÓ¿öÅ©¿¡ µ¶¸³ÀûÀÎ ¼¼¼Ç ÀúÀå¼Ò¸¦ Áö¿øÇÏ°í API¸¦ ÅëÇØ Web SSO Ç÷ο츦 ó¸®ÄÉ ÇÔÀ¸·Î½á °³¹ßÀÚ Ä£ÈÀûÀÎ ÀåÁ¡ÀÌ ÀÖ´Ù. ³×Æ®¿öÅ· Å×½ºÆ®º£µå¸¦ ±¸¼ºÇÏ°í °³¹ßÇÑ ¼ÒÇÁÆ®¿þ¾îÀÇ ±â´É°ú ¼º´É, È®À强 ¹× º¸¾È¼º¿¡ ´ëÇؼ °ËÁõÇÔÀ¸·Î½á SAML4JÀÇ ³ôÀº È°¿ë°¡´É¼ºÀ» È®ÀÎÇÑ´Ù. |
¿µ¹®³»¿ë
(English Abstract) |
Federated authentication is a user authentication and authorization infrastructure that spans multiple security domains. Many overseas Web applications have been adopting SAML-based federated authentication. However, in Korea, it is difficult to apply the authentication because of the high market share of a specific Web (application) server, which is hard to use open-source SAML software and the high adoption of Java-based standard framework which is not easy to integrate with SAML library. This paper proposes the SAML4J, which is developed in order to have Web applications easily and safely integrated with the Java-based framework. SAML4J has a developer-friendly advantage of using a session storage independent of the framework and processing Web SSO flows through simple API. We evaluate the functionality, performance, and security of the SAML4J to demonstrate the high feasibility of it. |
| Å°¿öµå(Keyword) |
SAML
SOAP
ÀÚ¹Ù
½ºÇÁ¸µ ÇÁ·¹ÀÓ¿öÅ©
°èÁ¤¿¬ÇÕ
SAML
SOAP
Java
Spring framework
Identity Feder
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
