The present disclosure relates to the general field of telecommunications, and in particular to so-called “cloud” computer systems.
Some embodiments relate more particularly to a user of an entity such as a business accessing computer resources made available to that entity by a cloud computer system.
According to a definition given by the National Institute of Standards and Technology (NIST), cloud computing is a model that enables users to act via a network to obtain self-service access on request to computer resources such as storage space, calculation power, applications, network resources, software, or indeed services, which are virtualized (i.e. made virtual) and shared.
In other words, the computer resources are no longer located on a server that is local to an entity or on a user's terminal, but, in accordance with the cloud computing concept, they are “dematerialized” in a cloud made up of a plurality of remote servers that are mutually interconnected and accessible to users, e.g. via a network application. Users can thus access these resources in various ways without any need to manage the underlying infrastructure of these resources, which is often complex.
The concept of “cloud computing” is described in detail in the document published by the International Telecommunication Union (ITU) under the title “FG Cloud TR, version 1.0—part 1: introduction to the cloud ecosystem: definitions, taxonomies, use cases and high level requirements”, February 2012.
In known manner, cloud computing offers numerous advantages:
  flexibility and diversity of resources, which are shared and practically unlimited;
  potential changes to the resources, which are supplied on demand;
  simple and automatic administration of the computer infrastructures and of the networks of businesses, with corresponding reductions in administration costs;
  etc.
Nevertheless, a major challenge with the concept of cloud computing is to guarantee that access to resources is protected and made secure.
Moving from a conventional computer environment that is secure and closed to a cloud infrastructure that is open and shared leaves potential users with certain worries concerning security: the user or the business has no control over that infrastructure, and it is accessible via a telecommunications network such as the public Internet, which is particularly vulnerable and perpetually subject to computer attacks and piracy.
The ITU thus now considers access control to be a fundamental means of securing access to cloud computer systems.
Present public solutions for cloud computer systems, such as Amazon Web Services or Windows Azure, make use of identity management and access control mechanisms that are relatively simple and that rely essentially on the following three processes:
  managing digital identities and authentication data with the cloud computer system;
  authenticating users; and
  authorizing users to access resources made available by the cloud computer system.
In general, those solutions make it possible for each client entity to create a client account, and then within each client account to define users and to give those users or groups of users rights in terms of access to the resources made available to the entity by the cloud computer system. Users have their own authentication data with the cloud computer system (typically a user identifier and a private encryption key associated with a public encryption key held by the cloud computer system) and can use this data to access the resources made available by the cloud computer system. Access control proper relies on an access control model that is predefined for all of the client accounts, such as for example the role-based access control (RBAC) model described in the document by R. S. Sandhu et al., “Role-based access control models”, IEEE Computer 29(2), pp. 38-47, 1996.
Although such a mechanism for managing identities and controlling access enables access to the resources made available by the cloud computer system to be made secure and guarantees that resources for the various different client entities are kept separate, it nevertheless lacks flexibility. A single predefined access control model is adopted for all client accounts. Unfortunately, that single model may not be suitable for all client accounts.