Design and Implementation of Key Technologies of the Authentication Subsystem in a Capability Open Platform
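Abstract
With the arrival of the mobile Internet wave, the concept of the open platform was first proposed by the Internet giants as a way to extend their existing advantages on the Internet, integrate system resources, and improve user stickiness. Today, Internet companies at home and abroad are actively building their own open platforms to gain a head start in this wave. Given this trend, any attempt to sidestep the openness of the mobile Internet and the building of developer communities is short-sighted. Traditional telecom operators, to avoid being gradually reduced to mere data pipes, have therefore also begun to launch their own open platforms in response to this round of crisis and challenge.
     OMP (Open Mobile Platform) is the capability open platform proposed by China Mobile to meet the needs of mobile Internet service development. It is an open, standards-based integrated platform that brings together Internet and basic telecom capabilities, exposes capability APIs (Application Programming Interfaces) externally, and serves internally as an operation and management platform. For third-party developers, it provides a complete environment for publishing and running applications; for ordinary users, it supports the app store as a convenient platform for purchasing applications; for the mobile operator, it offers comprehensive, unified operation and management functions. Because OMP is in essence an additional network facility, built on top of the telecom network to support the running of mobile Internet applications bound to specific capabilities, the key technologies it involves include the design of the OpenAPI and the technical schemes for operation, security authentication, and charging once capabilities are opened.
     As the running engine of a platform that converges telecom-network and Internet services, OMP has a distinctive network architecture and distinctive open technologies. This thesis focuses on the authentication subsystem (AUS, Authentication System), describing its overall architecture, basic modules, and service design, and then analysing the design and implementation of the key technologies involved. Chapter 1 describes the development of open platforms at home and abroad and introduces the concepts of the telecom capability open platform and OMP. Chapter 2 describes in detail the architecture design, protocol interfaces, functional modules, and main basic service types of the authentication subsystem. Chapter 3 examines several key technical schemes adopted in designing AUS: solutions for ensuring high availability (load balancing, overload control, etc.), the security authentication mechanism in capability opening (in the terminal environment), and the extended service design after adding the in-app charging capability. Chapter 4 first performance-tests AUS on its own and analyses the current performance bottlenecks, then runs latency tests across the whole OMP platform and analyses the latency statistics between modules. Chapter 5 points out some remaining problems and gives some direction for the next stage of work.
     The capability open platform is still a fairly new topic. Although the design and implementation of OMP are largely complete and current testing and operation of the platform basically meet service needs, there remains considerable room for improvement as services develop.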
With the advent of the mobile Internet, the open platform concept was first proposed by the Internet giants in order to extend the advantages they already held on the Internet, integrate system resources, and improve user stickiness. At present, both domestic and foreign Internet companies are actively building their own open platforms in order to seize the initiative in this technology wave. Under these conditions, any attempt to evade the openness of the mobile Internet and the building of developer communities is short-sighted. Meanwhile, in order to avoid gradually becoming a mere data pipe, traditional telecom operators have also begun to launch their own open platforms to face the upcoming crisis and challenges.
     OMP (Open Mobile Platform) is an open platform designed by China Mobile Communications Corporation to meet the needs of mobile Internet business. It is an open, standards-based integrated platform that integrates Internet and telecommunications infrastructure, providing an OpenAPI and also acting as an operation and management platform. For third-party developers, it provides a complete application publishing and running environment; for ordinary users, it supports an application mall where applications can be purchased conveniently; for mobile operators, it has comprehensive operation and management functions. OMP is essentially an additional network facility and a running engine, based on the telecommunications network, that supports the running of mobile Internet applications bound to specific capabilities. It involves key technologies such as the design and implementation of the OpenAPI as well as operation, security authentication, and charging.
     As the running engine of an integrated platform for telecommunication network and Internet business, OMP has a unique network architecture and open technology. This thesis focuses on the authentication subsystem (AUS), elaborating on the AUS architecture and services management module, and then analysing the design and implementation of the key technologies involved. The first chapter describes the development of open platforms both at home and abroad, and thus leads to the concepts of the telecommunications open platform and OMP. The second chapter describes the authentication subsystem architecture, the protocol interfaces, function modules, and a few basic services. Chapter 3 analyses several key technical solutions used in designing AUS: solutions to ensure the system's high availability (load balancing, overload control, etc.), the security authentication mechanism (in the terminal environment), and the design of service expansion when adding In-App Purchase capability. In Chapter 4 we first carry out AUS performance testing and analyse the current performance bottlenecks; we then carry out time-delay testing of the whole OMP platform and analyse the statistics of the time delay between modules. Chapter 5 states some remaining issues, pointing the direction for the next phase of work.
     Research on the open platform is still a relatively new topic. Although the design and realization of OMP have been completed and the testing and operation results of the platform basically meet current needs, there is still considerable room for further improvement as services develop.