Online services are an important part of modern computing. Online services provide storage and backup services, data processing services, key management services, virtual computing services, financial services, shopping services, and many other computing and data access services. Access to online services is generally controlled by a variety of authentication and authorization techniques such as username/password pairs, digital certificates, network address filters, and biometric identification. When accessing an online service, a client provides the appropriate authentication information to the online service, and the online service grants access. In some environments, clients operate a variety of client resources such as client computers, servers, virtual machines, and other network-connected computing appliances that would benefit from access to online services. However, providing client resources access to online services can be a difficult problem.
Client resources may require different levels of access to online services than would be provided by simply providing the client credentials to the client resource. In addition, if a client resource requires access to multiple online services, multiple sets of client credentials may be necessary. If a particular client credentials are changed, client resources that use the particular credentials will need to be updated with the new credentials. For these and other reasons, controlling the authorization of client resources to use online services can be very troublesome.