Unified Identity Authentication between Heterogeneous Systems Based on LDAP and RBAC

To solve the problems of unified identity authentication between heterogeneous application systems that emerged in the procedure of informatization construction. The paper presents a 3-tier architecture solution that contains user tier, unified authentication tier and application system tier to realize unified identity authentication between legacy system and new application system. For legacy systems, the paper presents a method of double authentication that users firstly log on unified identity authentication system for unified identity validation, then securely transmit authenticated unified identity information and simulate the authentication progress via the authentication mechanism of legacy systems for permission distributing. For new application systems, the paper presents a method of centralized authentication through a relatively independent Role Based Access Control (RBAC) identity authentication model that consists of organization, user, role and permission entries to realize the logical separation of users and access permission, then designs a Directory Information Tree (DIT) structure based on the RBAC model for permissions distributing and access controlling.