Cloud computing is the use of computing resources (hardware and software) which are available in a remote location and accessible over a network, such as the Internet. Users are able to buy these computing resources (including storage and computing power) as a utility on demand. Cloud computing entrusts remote services with a user's data, software and computation. The use of virtual computing resources can provide a number of advantages, including cost advantages and/or the ability to adapt rapidly to changing computing resource needs.
Access to cloud-based resources can require authentication and authorization. Authentication is based on user credentials and is the process of verifying that the user is who they say they are. For example, a user typically can be authenticated through a user identification and secret or a cryptographically verifiable signature generated from a claim based on the request and a secret.
Authorization is the process of verifying that the user is permitted to do what they are trying to do. Thus, authorization is the function of specifying access rights to resources, which is related to information security and computer security. More particularly, “to authorize” is to define access policy, which can be access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Access control in computer systems and networks relies on access policies. The access control process can be divided into two phases: 1) a policy definition phase, where access is authorized, and 2) a policy enforcement phase, where access requests are approved or disapproved.
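The two phases described above, as an added example that is not part of the original text: a rule list is defined first, then each request from an already authenticated consumer is decided against it. The rule format, the `Rule`, `POLICY` and `decide` names, and the sample principals, actions and resources are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional


@dataclass(frozen=True)
class Rule:
    effect: str     # "allow" or "deny"
    principal: str  # authenticated consumer the rule applies to (glob pattern)
    action: str     # operation being requested (glob pattern)
    resource: str   # target of the operation (glob pattern)


# Phase 1, policy definition: access is authorized by writing rules.
# Constructed sample policy (hypothetical names, not from any real service).
POLICY = [
    Rule("allow", "alice", "storage:Get*", "bucket/reports/*"),
    Rule("allow", "alice", "storage:Put*", "bucket/reports/drafts/*"),
    Rule("deny", "*", "storage:*", "bucket/reports/audit/*"),
    Rule("allow", "bob", "compute:StartInstance", "instance/*"),
]


def matches(rule: Rule, principal: str, action: str, resource: str) -> bool:
    """True when every field of the request falls under the rule's patterns."""
    return (fnmatchcase(principal, rule.principal)
            and fnmatchcase(action, rule.action)
            and fnmatchcase(resource, rule.resource))


# Phase 2, policy enforcement: each request is approved or disapproved.
def decide(policy, principal, action, resource) -> tuple[str, Optional[Rule]]:
    """Return (decision, deciding rule).

    An explicit deny overrides any allow; a request that no rule matches
    is disapproved by default, with None as the deciding rule.
    """
    allowed_by = None
    for rule in policy:
        if not matches(rule, principal, action, resource):
            continue
        if rule.effect == "deny":
            return "deny", rule
        if allowed_by is None:
            allowed_by = rule
    if allowed_by is not None:
        return "allow", allowed_by
    return "deny", None
```

Returning the deciding rule alongside the decision distinguishes a request rejected by an explicit deny from one rejected because no rule granted it.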
Currently, users can have difficulty knowing what actions they are authorized to carry out, without actually performing the action and verifying that it was successful.