1. Field of the Invention
The present invention relates to an image forming apparatus to which a user's authorization is delegated, a method for controlling the image forming apparatus, and a storage medium therefor.
2. Description of the Related Art
In recent years, there have become widely operated servers that provide a service for generating an electric document in the format of Portable Document Format (PDF), and a service for storing this electric document to a terminal via the Internet. By using the services via the terminal, users can generate an electric document even if the terminal does not have the function of generating an electric document, and can also store electric documents beyond the storage capacity of the terminal.
Further, as the cloud technique is drawing attention, opportunities for creating a new added value by using a plurality of services in cooperation are expanding more than ever. Examples of possible use of services in cooperation include directly storing an electric document in the PDF format generated by using a service into another service without an intervention of a terminal. On the other hand, an issue arises from the cooperative use of services.
The issue is that, if information pieces more than the user's desire are exchanged between the services, this exchange increases a risk of a leak of user data and personal information. It is undesirable that a service other than a service for providing a result desired by a user acquires user data, personal information, and the like when the services cooperate. On the other hand, for a provider of a service, an easily implementable system is favorable as the mechanism for the service cooperation.
Under these circumstances, there has been developed a standard protocol for realizing cooperation of authorization, referred to as Open Authorization (OAuth) (refer to Japanese Patent Application Laid-Open No. 2012-008958). Implementing OAuth in a plurality of services allows, for example, an external service B, which is approved to access a service A under a specific authorization granted by a user, to access the service A without using authentication information of the user. At this time, the service A is configured to require a user's explicit approval, i.e., authorization to the access by the external service B after clearly notifying the user of the content of the authorization such as data supposed to be accessed by the external service B and a service range supposed to be used by the external service B. The term “authorization operation” is used to refer to a user's operation of explicitly granting an approval via an authorization screen.
Once the user performs the authorization operation, the service A provides a specific authorization approved by the user to the external service B. Then, the external service B directly or indirectly receives a token that proves the external service B's right to access the service A under the approved authorization, i.e., an authorization token from the service A. After that, the external service B can access the service A using this authorization token. The phrase “the user delegates an authorization to the external service B” is used to refer to a series of processes for causing an entity that will use the service, the external service B in the above-described example, to hold the authorization token as a result of execution of the authorization operation by the user. As described above, it is an entity providing a service to be used that actually delegates an authorization to an entity to use the service. In the above-described example, the service A which has confirmed that the user performed the authorization operation delegates an authorization.
It is known that this technique is utilized not only in cooperation between services but also when a resource service application in a terminal operated by a user cooperates with a service on the Internet using OAuth. Examples thereof include configurations in which a plurality of resource service applications is installed in a smart-phone that allows addition and deletion of a resource service application, and each resource service application cooperates with a service on the Internet. A representative example among them is a configuration in which a service referred to as a social networking service (hereinbelow referred to as an SNS) and a resource service application in a smart-phone cooperate with each other using OAuth.
The resource service application installed in the smart-phone accesses the SNS on behalf of the user. The user delegates an authorization for a minimum function required to use the SNS such as an authorization approving only posting of an article to the resource service application, by which the resource service application can cooperate with the SNS under the appropriate authorization without storing authentication information of the SNS in the smart-phone.
Suppose such a case that a plurality of resource service applications is installed on a smart-phone connectable with the image forming apparatus that allows installation and deletion of a resource service application and each resource service application cooperates with a cloud service. For example, a user will delegate an authorization to each resource service application with use of an authorization delegation protocol such as OAuth. In this case, the user will perform the following operation flow. The user adds a first resource service application that cooperates with a cloud service into the user's own image forming apparatus. Next, the user activates the first resource service application, and delegates an authorization for accessing the cloud service to the first resource service application by performing an authorization operation. Next, if the user adds a second resource service application, the user delegates an authorization to the second resource service application by performing an authorization operation again. In other words, the image forming apparatus requires the user to perform an authorization operation for each added resource service application for using a cloud service, leading to a cumbersome operation.
The present invention relates to an image forming apparatus for solving the above-described issue.