|
US$629.00 · In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 30275-2013: Information security technology -- Authentication and authorization -- Authentication middleware framework and interface specification
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 30275-2013 | English | 629 |
Add to Cart
|
5 days [Need to translate]
|
Information security technology -- Authentication and authorization -- Authentication middleware framework and interface specification
| Valid |
GB/T 30275-2013
|
PDF similar to GB/T 30275-2013
Basic data | Standard ID | GB/T 30275-2013 (GB/T30275-2013) | | Description (Translated English) | Information security technology -- Authentication and authorization -- Authentication middleware framework and interface specification | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.040 | | Word Count Estimation | 27,213 | | Quoted Standard | GB/T 9387.2-1995; GB/T 15843.1-2008; GB/T 18794.2-2002; GB/T 25069-2010 | | Regulation (derived from) | National Standards Bulletin 2013 No. 27 | | Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China | | Summary | This standard specifies the authentication middleware system framework, components, functions and common interface, and gives certified middleware workflow. This standard applies to certified middleware and components design, development, and guide the de | GB/T 30275-2013: Information security technology -- Authentication and authorization -- Authentication middleware framework and interface specification
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology. Authentication and authorization. Authentication middleware framework and interface specification
ICS 35.040
L80
National Standards of People's Republic of China
Information Security Technology Authentication and Authorization
Authentication middleware framework and interface specifications
Issued on. 2013-12-31
2014-07-15 implementation
Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China
Standardization Administration of China released
Table of Contents
Preface Ⅰ
Introduction Ⅱ
1 Scope 1
2 Normative references 1
3 Terms and definitions
4 Abbreviations 2
5 certified middleware Goal 3
5.1 Functional Objective 3
5.2 non-functional target 3
5.3 Safety Goal 3
6 Authentication middleware framework 3
6.1 Overview 3
6.2 middleware authentication mode 5
6.3 Component description 6
6.4 Identification assertion 7
Relationship 6.5 certified middleware and application systems 7
6.6 Authentication middleware and service-oriented architecture 7
7 component specification 8
7.1 Authentication middleware management component 8
7.2 authentication component 10
7.3 single sign-on module 12
7.4 Privacy assembly 15
7.5 attribute query component 16
Appendix A (informative) Certification middleware workflow 18
References 22
Foreword
This standard was drafted in accordance with GB/T 1.1-2009 given rules.
This standard by the National Safety Standardization Technical Committee (SAC/TC260) and focal points.
Some content of this document may involve patents, the issuing authority of this document does not assume responsibility for the identification of these patents.
This standard is mainly drafted by. Institute of Software, Chinese Academy of Sciences and Data Communication Protection Research and Education Center, Beijing number
Word Certificate Authority Limited.
The main drafters of this standard. Xu Jing, FENG Deng, Jingji Wu, Zhang Liwu, Zhang Yan, Li Qiang, Yang Jing, Zhang Zhenfeng, Zhan Banghua, Yan Shi.
Introduction
Authentication security system is one of the most basic security feature is the primary security needs of the vast majority of information systems. However, with long-term
To closely combine security features with specific business enables application developers often consider business functions but also need to consider security
To achieve full functionality. Because not all developers have a comprehensive safety knowledge, this is not only time consuming, it can not guarantee safety
Complete the implementation of full-featured. Therefore, the safety function, especially authentication function and business functions stripped way for middleware applications
The system provides specialized security is the development trend of the field of security.
In addition, since each system is the lack of standardized interfaces identification and reference models in the construction process, between different systems are not compatible and can not be
Interconnection, resulting in a large number of duplicate development and construction waste. At the same time more difficult to further system integration.
Therefore, China's urgent need to develop authentication middleware framework and interface specifications of the authentication process information system for standardization. thereby
Enhance the interoperability of information systems, and promote the development and promotion of middleware certification, from a macro point of view will also help promote China's information
Security system.
The main objective of this standard is to provide a certified middleware framework specification and component descriptions, identification and implementation process to be standardized,
However, to make this standard better and operability can be realized, this standard at the same time a number of common interfaces defined so as real
Current reference, these definitions do not affect this standard certified middleware framework versatility. In practice, according to the demand for these pick
Port for further specification.
Information Security Technology Authentication and Authorization
Authentication middleware framework and interface specifications
1 Scope
This standard specifies the authentication middleware framework, components, functions and common interface, and gives certified middleware workflow.
This standard applies to certified middleware and components design, development, and guide the development of testing and related applications that type of system.
2 Normative references
The following documents for the application of this document is essential. For dated references, only the dated version suitable for use herein
Member. For undated references, the latest edition (including any amendments) applies to this document.
GB/T 9387.2-1995 Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2. Security Architecture
GB/T 15843.1-2008 Identification Information technology - Security techniques - Entity Part 1. Overview
GB/T 18794.2-2002 Information technology - Open Systems Interconnection - Security frameworks for open systems - Part 2. Authentication framework
GB/T 25069-2010 Information security technology terms
3 Terms and Definitions
GB/T 9387.2-1995, GB/T 15843.1-2008, GB/T 18794.2-2002 and GB/T 25069-2010 defined
The following terms and definitions apply to this document.
3.1
Relying Party relyingparty
According to information obtained from the other entity to determine how the system operation entities.
Note. Applications such as authentication systems rely on middleware for user authentication.
3.2
Assertion assertion
To the relying party credible statement contains the user identity information may also contain proven properties.
Note. The assertion may be digitally signed, or through a secure protocol to obtain from a trusted source.
3.3
Property attribute
Collectively and nature of the relationship between the target object.
3.4
Identification authentication
The process of establishing trust between the user's identity.
3.5
Identification of key negotiation authenticatedkeyagreement
The two sides more than two parties or entities through interaction with each other to establish a trust relationship between identity and form a common secret key with
To protect the subsequent communication security.
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 30275-2013_English be delivered?Answer: Upon your order, we will start to translate GB/T 30275-2013_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 30275-2013_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 30275-2013_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|