Modern computing networks provide access to a wide variety of computing resources such as data archives, search engines, data processing, data management, communications, and electronic marketplaces, as well as media and entertainment services. As the number and size of such computing resources, and their user communities, have grown and become more sophisticated, a need has arisen to establish increasingly sophisticated usage policies. For example, such policies may include policies that address security, privacy, access, regulatory and cost concerns. Policies may be applied to various users to control access to various computing resources accordingly. As just one example, some users may be allowed to read, write, and delete a certain set of data while other users may be allowed only to read the data and while other users may have no access to the set of data.
Policy enforcement often includes user authentication wherein a user, through various processes, confirms his or her identity in order to gain access to one or more computing resources. For various reasons, a user may wish to grant access to another user who does not typically have access. In many instances, it may be desirable to grant access for a limited period of time and possibly to limit the amount of access granted for that time. In some of these instances and in other instances, it is often desirable to require a user (who may be a user to whom permissions have been delegated, but not necessarily so) to require more reliable authentication (such as multifactor authentication) for different types of access. Conventional techniques for accomplishing permission delegation and/or reliable authentication can be cumbersome and, in many instances, may involve unnecessary risk.
Same numbers are used throughout the disclosure and figures to reference like components and features, but such repetition of number is for purposes of simplicity of explanation and understanding, and should not be viewed as a limitation on the various embodiments.