1. Field of the Invention
The present invention relates to an authentication service, and in more detail, to an authentication apparatus, an authentication method and a computer readable information recording medium for efficiently carrying out data synchronization between authentication apparatuses.
“Data synchronization” means a process or operation of causing data existing at one place to be the same as data existing at another place, also hereinafter. Similarly, hereinafter, “data or information is synchronized” or “synchronization of data or information” means a process or operation of causing data or information existing at one place to be the same as data or information existing at another place.
2. Description of the Related Art
In the related art, in a large-scale organization, redundancy is provided concerning an authentication server by preparing one or more authentication servers in an intermediate layer with respect to a master authentication server acting as a master concerning an authentication service or a directory service. For example, in a redundant system, a configuration is provided so that a client such as a multifunction peripheral, a network apparatus or an application can receive a service from an authentication apparatus in an intermediate layer instead of directly receiving the service from a master authentication server. Thus, an increase in a speed of obtaining data, an improvement in efficiency of obtaining data and an improvement in fault tolerance are desired.
However, in such a redundant system in which plural authentication servers are provided, it is necessary to maintain consistency in information the respective authentication servers have. Therefore, it is necessary to properly carry out data synchronization between a master authentication server and an authentication server(s) in an intermediate layer.
The above-mentioned data synchronization needs to be carried out efficiently. Concerning data synchronization, various technologies are known. For example, Japanese Laid-Open Patent Application No. 2011-48549 (Patent reference No. 1) discloses a configuration whereas in order to update a data protection policy, in a case where a data protection policy concerning data that is not updated at a time of synchronization has been changed in a master computer, the data protection policy that has been changed is to be synchronized in a slave computer.
Japanese Laid-Open Patent Application No. 2003-296172 (Patent reference No. 2) discloses a document management apparatus provided for the purpose of reducing a network traffic for carrying out synchronization of a database. The document management apparatus has a detection function of detecting information that refers to an object stored in a first document management database. The document management apparatus further has a function of obtaining from the first document management database a record which the information that refers to an object refers to has been detected by the detection function, and carrying out synchronization of the record in a second document management database.
However, in data synchronization in authentication services in the related art, a method of an authentication server in an intermediate layer synchronizing data of a master authentication server is fixed, and synchronization is carried out uniformly, regardless of the degree of importance of the data, such as a required interval of synchronization. If data which does not need to be synchronized at a shortened interval is synchronized uniformly together with data having a higher degree of importance, unnecessary data traffic may be generated. Thus, data synchronization in authentication services in the related art may be insufficient from a viewpoint of efficiency of data synchronization.
The above-mentioned technologies disclosed in Patent references Nos. 1 and 2 do not consider the above-mentioned levels of intervals of synchronization required for data, and thus, may be insufficient from a viewpoint of improving efficiency of data synchronization concerning an authentication process.