In many computing scenarios, it is required to authenticate a user, e.g., to verify an identity and/or authorization of the user, prior to granting access to computing resources requested by the user. For example, users often communicate with a provider of computing resources, using a computer network, in order to obtain access to the computing resources. Before granting access to the requested resources, the provider typically verifies an identity and authorization of the user to access the resources. For example, in typical scenarios, the user may be required to submit a username/password combination, which the provider may then verify against a stored database of username/password combinations.
Many scenarios exist in which user authentication is required, and many associated techniques, in addition to the use of a username/password combo as referenced above, may be used in such scenarios. In general, all such scenarios and techniques provide various burdens to both the user and the provider.
For example, the user is typically required to maintain and provide information (e.g., a username/password combination) required to complete the authentication process, whenever required by a provider. Meanwhile, the provider may be required to maintain and protect large amounts of user-specific information, particularly when a large number of users are authorized to access the provider's resources. The provider may be further required to execute all the various processes associated with authenticating each user, each time the user requests access.
Many techniques have been developed to alleviate these and related burdens on the provider and user. For example, techniques have been developed for single sign-on procedures, in which a single authentication process executed with respect to a particular user is relied upon to grant the user access to two or more computing resources. In some examples, an identity provider may provide a service of authenticating users on behalf of a provider of computing resources. In such examples, the provider is relieved of the burden of authenticating each user, based on a trust in the identity provider in providing authentication on behalf of the provider.
Nonetheless, burdens associated with user authentication continue to be problematic in many scenarios for providers and/or users. Consequently, users often experience dissatisfaction with their experience of provider's resources, while the providers experience reduced opportunities to provide their otherwise-available resources.