The present disclosure relates generally to computer system and network security and, more particularly, to methods, systems, and computer program products for authenticating a user of a computer system and/or network.
Cloud computing is a computing paradigm where shared resources, such as processor(s), software, and information, are provided to computers and other devices on demand typically over a network, such as the Internet. In a cloud computing environment, details of the computing infrastructure, e.g., processing power, data storage, bandwidth, and/or other resources are abstracted from the user. The user does not need to have any expertise in or control over such computing infrastructure resources. Cloud computing typically involves the provision of dynamically scalable and/or virtualized resources over the Internet. A user may access and use such resources through the use of a Web browser. A typical cloud computing provider may provide an online application that can be accessed over the Internet using a browser. The cloud computing provider, however, maintains the software for the application and some or all of the data associated with the application on servers in the cloud, i.e., servers that are maintained by the cloud computing provider rather than the users of the application.
FIG. 1 illustrates a conventional cloud service model that includes Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Infrastructure as a Service delivers computer infrastructure, typically a platform virtualization environment, as a service. Rather than purchasing servers, software, data-center space, or network equipment, clients instead buy those resources as a fully outsourced service. Suppliers typically bill such services on a utility computing basis, according to the amount of resources consumed. Platform as a Service delivers a computing platform as a service. It provides an environment for the deployment of applications without the need for a client to buy and manage the underlying hardware and software layers. Software as a Service delivers software services over the Internet, which reduces or eliminates the need for the client to install and run an application on its own computers, which may simplify maintenance and support.
Authentication services are often based on granting access to a single resource. For example, a retailer may authenticate a customer for purchasing a product from its website, but the authentication is typically not valid for purchasing a product from another retailer, or possibly even from another division of the same retailer. Similarly, an enterprise may authenticate users for access to one or more restricted resources, but the authentication may be valid only for a particular department, division, or other sub-organization of the enterprise. For example, a soldier who serves in the army may end up on a navy ship with a need to access one or more resources associated with the navy. It may be difficult to authenticate the soldier because his army identity cannot be authenticated by the navy's authentication service. In some instances, an entity may function as part of a node in a network structure and may require authentication as being qualified to fulfill that function in a particular network hierarchy. For example, a military application may involve a network node being implemented on a submarine. The home base for the submarine may be the Pacific Ocean region, and the submarine may be authenticated as implementing a particular node in a network topology in the Pacific Ocean. The submarine may travel, however, to the Atlantic Ocean and may attempt to authenticate itself as a node in an analogous network topology there, but it may be difficult to authenticate the submarine's Pacific Ocean identity and position in the network hierarchy so as to allow the submarine to become part of a network in the Atlantic Ocean.