[翻译练习]介绍Java中的CardSpace安全认证工具

原文:

--------------------------------------------

An Introduction to CardSpace Authentication in Java

 Summary
Originally introduced by Microsoft, CardSpace is a new authentication technology aimed to make it easier to share user identities across administrative domains. A recent Sun Developer Network article describes how to integrate CardSpace with Java applications.

Almost every enterprise application includes some sort of user authentication: Privileged operations, such as posting on an online forum, requires users to create a user account and then authenticate themselves prior to performing the privileged action.

Many authentication systems rely on users supplying a user name and password, a solution that not only requires users to remember their passwords for each site they frequent, but one whose security is tied to users' ability to safeguard their passwords.

OpenID, Liberty, and most recently CardSpace, also known as InfoCard, are but the latest attempts to solve this problem. In each system, some form of user identity is shared between sites requiring authentication. Users moving from one site to another, or even from their local machines to a Web site, don't have to login anew, but can instead re-use their existing login sessions.

Martin Gee's recent Sun Developer Network article, Securing Site Access With CardSpace and OpenSSO: An Overview, shows how to integrate CardSpace authentication into Java applications, using the open-source java.net project, cardspaceauthn:

A major benefit of InfoCard is that it can store and supply common attributes, known as claims, such as email and shipping addresses. Typically, claims are nonsensitive data that enables CardSpace-aware sites to transact services according to the InfoCard values. As part of the card selection process, Web sites that support InfoCards can mandate that users specify their claims...

In CardSpace's CardSelector, a virtual wallet [is] filled with cards that users create or that are issued to them through trusted sites. Upon arriving at a CardSpace-aware site, a user is prompted by the CardSelector to choose the appropriate InfoCard that reflects his or her relationship—customer, employee, and such—with the entity.

Gee explains in the article that some InfoCards are self-generated, and are likely issued by a business, while others are managed by trusted identity providers that can vouche for a user's identify.

Which of the increasing number of shared authentication system do you plan to support in your Java applications?

------------------------------------------------------

译文:

介绍Java中的CardSpace安全认证工具

Summary
CardSpace是一个新的安全认证技术,最初是由Microsoft发明的,主要目的是让跨管理域的用户认证共享实现变得简单. 最近Sun Developer Network上有一篇文章对如何把CardSpace集成到Java应用程序的问题进行了介绍.

几乎所有的企业程序都有这各种的用户安全认证:权限操作,例如在论坛里发表帖子,需要用户注册一个帐户,在执行需要安全认证的操作之前要认证自己的身份.

许多的认证系统都依赖于用户提供的用户名和密码,这种方案不仅要求用户去记住他们频繁访问的每个站点的密码,而且用户的保护自己密码的能力紧密的依赖于系统的安全能力.

OpenID, Liberty,以及最近的 CardSpace, 也被叫做 InfoCard, 是试图解决这个问题的最新尝试. 在各自的系统间,共享的某些用户身份数据是需要认证的. 用户从一个站点转移到另外一个站点,或者是从本地机器登录Web Site,不需要重新认证,而是重用现有的login sessions.

Martin Gee 最近在 Sun Developer Network上的一篇文章, Securing Site Access With CardSpace and OpenSSO: An Overview, 介绍了如何使用开源的 java.net 项目 cardspaceauthn ,将 CardSpace authentication 集成到Java应用程序中:

InfoCard的一个主要好处是它能够存储和提供通用属性,例如凭证,例如email 和 消费地址等, 通常,凭证是一些不敏感的数据,CardSpace-aware的站点可以根据InfoCard的值进行交互服务做为Card筛选过程的一部分,那些支持InfoCards的Web站点可以委托它们的用户指定自己的凭证...

在CardSpace's CardSelector里,有一个虚拟的钱包,里面装满了用户填写的卡片,或者是在跨站点是被给与的凭证. 当用户来到一个CardSpace-aware站点,CardSelector会提示用户选择一个适合的InfoCard来表明他或她同主体的关系--客户关系,雇员关系等等.

Gee在这篇文章里解释说,有些InfoCards可以自产生,就像是一个企业发布的一样,同时有些可以是由能够担保用户身份的受信供应者管理.