Journal of Information Security Research (信息安全研究) ›› 2019, Vol. 5 ›› Issue (10): 929-934.

• Digital Authentication Special Issue •

Research on the Identity Federation Interoperability Capabilities of Identity Management Systems

Zhang Yan (张严), Zhang Liwu (张立武)

  1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences
  • Received: 2019-10-08 Online: 2019-10-15 Published: 2019-10-08
  • Corresponding author: Zhang Yan
  • About the authors: Zhang Yan, male, born 1987, Ph.D., Senior Engineer at the Institute of Software, Chinese Academy of Sciences; main research areas: cyberspace security, authentication and authorization. E-mail: zhangyan@tca.iscas.ac.cn. Zhang Liwu, male, born 1976, Ph.D., Professor-level Senior Engineer and doctoral supervisor at the Institute of Software, Chinese Academy of Sciences; main research areas: cyberspace security, computer vision, artificial intelligence. E-mail: liwu@iscas.ac.cn

Research on Identity Federation Interoperability of Identity Management Systems


Abstract: With the advent of the era of electronic authentication 2.0, the boundaries of identity management keep evolving and are gradually being broken down. Interconnecting identity management services through identity federation schemes has become the main mode of today's network applications, and a series of identity federation schemes and standards has emerged, including the Security Assertion Markup Language (SAML), OpenID, OAuth and FIDO. Most of the most-visited websites and most-used mobile apps in China provide identity federation services or support user login through the accounts of other applications. However, current identity federation implementations are each bound to a specific single identity federation scheme, and there is no interoperability reference between different identity federation schemes. To address this problem, this paper first analyzes existing identity federation schemes and standards and summarizes the different functions an identity management system can realize when performing identity federation operations, treating these as the identity federation interoperability capabilities of an identity management system. Then, for each of these capabilities, it gives the functional and security requirements an identity management system must meet in order to realize it. Finally, taking the OpenID standard as an example, it shows how the proposed identity federation capability requirements apply in an actual identity federation process, verifying the usability of the requirements.

Keywords: identity management, identity federation, interoperability, network security, authentication, authorization

Abstract: With the advent of the era of electronic authentication 2.0, the boundaries of identity management have evolved and been gradually broken, and interconnection between identity management services through an identity federation framework has become the main mode of current network applications. A range of identity federation schemes and standards such as SAML, OpenID, OAuth and FIDO have emerged. Most of the most-visited websites and most-used mobile apps in China provide identity federation services or support login through the accounts of other applications. However, current identity federation-related implementations are bound to a specific single identity federation scheme, and there is no interoperability reference between different identity federation schemes. In order to solve this problem, the existing identity federation schemes and standards are first analyzed, and the different functions that an identity management system can achieve when performing identity federation operations are proposed as the identity federation interoperability capabilities of the identity management system. Then, for these capabilities, the functional and security requirements that an identity management system should possess and realize are given. Finally, taking OpenID as an example, the application method of the proposed requirements in an actual identity federation process is given, which verifies the availability of the relevant requirements.

Key words: identity management, identity federation, cooperation, network security, authentication, authorization