Generally, a web service is a program or software that makes itself available over a network (e.g., the Internet) or that communicates over the network. For example, data may be protected in the cloud (e.g., in a data center or on a dedicated device/server) by means of web services. Such web services may allow a client to back up and restore data.
In order to use the web services of a data protection system, a client may be required to authenticate. Conventionally, authentication is performed by sending a username and password over the network to the data protection system or, more specifically, to a server. If the authentication succeeds, the server returns a valid authentication token to the client. The client then presents the authentication token, rather than the username and password, in subsequent communications.
Authentication using a username and password, however, has various problems. For example, when the authentication token expires, the client may be required to re-authenticate by providing the username and password again, which means the credentials must remain available at the client and could be compromised if they are not adequately protected there. The authentication token itself is a bearer credential and also needs to be protected. In addition, a change to a user's role does not necessarily invalidate an authentication token that was issued before the change; such a token may still carry or be associated with the privileges of the earlier, higher role, so the client retains access it should have lost. This could lead to unauthorized access.
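The stale-privilege problem described above, as an added illustration that is not part of the original text and does not represent the system claimed later: a minimal in-memory server issues an HMAC-signed token after checking a username and password, and two authorization checks are compared. The first trusts the role captured in the token when it was issued; the second treats the token only as proof of identity and reads the user's current role from the directory, with a role version counter embedded in the token so that a role change revokes tokens issued before it. The user directory, signing key, salt scheme, and token layout are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed stand-ins for the server's signing key and user directory
# (assumptions for this example; a real system would persist these).
SERVER_KEY = secrets.token_bytes(32)

def _pw_hash(username: str, password: str) -> bytes:
    # Per-user salt derived from the username purely for brevity here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               b"salt-" + username.encode(), 100_000)

USERS = {
    "alice": {"pw_hash": _pw_hash("alice", "correct horse"),
              "role": "admin",
              "role_version": 1},   # bumped every time the role changes
}

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(username: str, password: str, ttl: int = 3600) -> Optional[str]:
    """Conventional flow: verify username/password, return a signed token."""
    user = USERS.get(username)
    if user is None:
        return None
    if not hmac.compare_digest(_pw_hash(username, password), user["pw_hash"]):
        return None
    claims = {
        "sub": username,
        "role": user["role"],          # snapshot of the role at issue time
        "rv": user["role_version"],    # role version at issue time
        "exp": int(time.time()) + ttl,
    }
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest())
    return payload + "." + sig

def verify_token(token: str) -> Optional[dict]:
    """Check the signature and expiry only; return the claims or None."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None
    claims = json.loads(_unb64(payload))
    if claims["exp"] < time.time():
        return None
    return claims

def change_role(username: str, new_role: str) -> None:
    """Administrative role change; bumps the version so old tokens stop matching."""
    USERS[username]["role"] = new_role
    USERS[username]["role_version"] += 1

def authorize_from_token_only(token: str, required_role: str) -> bool:
    """Weak pattern: trusts the role that was captured inside the token."""
    claims = verify_token(token)
    return claims is not None and claims["role"] == required_role

def authorize_with_live_role(token: str, required_role: str) -> bool:
    """Hardened pattern: the token proves identity, the directory supplies the
    role, and a role-version mismatch rejects tokens issued before the change."""
    claims = verify_token(token)
    if claims is None:
        return False
    user = USERS.get(claims["sub"])
    if user is None or user["role_version"] != claims["rv"]:
        return False
    return user["role"] == required_role

def demo() -> tuple:
    """Issue an admin token, demote the user, then run both checks.
    Returns (token_only_grants_admin, live_role_grants_admin)."""
    token = issue_token("alice", "correct horse")
    assert token is not None
    change_role("alice", "user")   # alice loses admin after the token was issued
    return (authorize_from_token_only(token, "admin"),
            authorize_with_live_role(token, "admin"))

if __name__ == "__main__":
    print(demo())   # expected: (True, False)
```

The version counter is one way to make a role change take effect for tokens already in circulation without a server-side revocation list; the cost is one directory lookup per request, which the token-only check avoids at the price of honouring stale privileges until expiry.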
Systems and methods are needed to improve the authentication and authorization procedures associated with web services.