Field
Aspects of the present invention generally relate to an authority transfer system that handles authorization processing for transferring the authority of a user in a service to a client, a method that is executed by the authority transfer system, and a storage medium.
Description of the Related Art
As cloud computing has become more popular, there are more and more opportunities for a plurality of services to cooperate with each other. The term “service” refers to a function, e.g., web application, that a server connected via a network, such as the Internet, provides. Services cooperating with each other enable providing users with new services obtained by adding value to an ordinarily provided service.
However, services cooperating with each other may cause the following issue. More information than a user desires may be transmitted and received between a plurality of services. This can result in exposure of confidential information about user data or personal information. While service cooperation may be realized between various services, services other than the service that the user has recognized should not be able to handle user data or personal information. However, from the point of view of the above-mentioned provision of added value, a scheme of service cooperation is necessary, and service providers desire that the scheme of service cooperation can be readily implemented.
Under such situations, a standard protocol called “OAuth” has been formulated for implementing cooperation regarding authorization. According to OAuth, for example, in a case where an application stored in a terminal is going to access data managed by a cloud service, the application can receive an explicit authorization from the user, thus becoming able to access the data without performing authentication processing.
When the user has issued the authorization, the authority of the user is transferred to the application, so that the application is permitted to access the service. Since the application receives authorization information proving that the access has been permitted (hereinafter referred to as an “access token”), the subsequent accesses do not require the user's authentication operation, so that the access token is used to implement communications with the service. In the following description, an operation performed by the user to authorize the transfer of the authority of the user in a service to a third person so as to issue an access token is referred to as an “authorization operation”. Japanese Patent Application Laid-Open No. 2013-145505 discusses technology concerned with the control of issuance of an access token in a case where OAuth has already been used.
In recent years, with the spread of smartphones, cases in which one person possesses a plurality of terminals have increased. Therefore, a user may desire to use terminals seamlessly, without being aware of which of the plurality of terminals the user possesses is currently in use.
For example, suppose that an application that accesses data managed by the cloud service is installed on each of the plurality of terminals. In order for the application to access data, an access token is necessary, and the user's authorization operation is necessary. According to a conventional method, the user is required to individually perform the authorization operation on each terminal the user possesses. This forces the user to keep track of the terminals on which the authorization operation has been completed and those on which it has not, and thus does not result in seamless usage of terminals.