One or more aspects of the invention relate generally to granting access to a system resource, and more specifically, to granting access in a single sign-on environment.
Secure access to system resources has always been a central concern of systems management in a multiuser computing environment. However, in a cloud computing based environment (or briefly “cloud computing” or “cloud system”), users from many different computing environments access system resources in a cloud computing center. This may be the case for SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service) and/or IaaS (Infrastructure-as-a-Service) offerings. It is a requirement to ensure that only authorized people and related systems are given access to secured resources.
Often, a cloud service may require a collaboration of a plurality of backend systems. Users—or autonomous systems—do not want to log into each and every system from which a sub-service may be required in order to take advantage of one of the above mentioned services. In traditional, on-premise compute centers, single sign-on (SSO) solutions are common: a user—or a system—only needs to sign in once in order to access all related and required computing resources. However, to allow this technology in cloud-based computing environments, the on-premise concepts need to be adapted and extended.
Instead of full administrative control, where all systems operate in the same domain and access keys can easily be exchanged, the approach needs to become more flexible as soon as computing systems operated by other parties—e.g., service providers—are connected, as is common in cloud computing. To support this advancement in technology, several SSO concepts are in place that allow a seamless login process between systems of different parties or service providers once a trusted—i.e., security-key-based—environment has been established. Protocols such as OpenID (from the OpenID Foundation), OAuth (an open standard for authorization), OpenID Connect (OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol), SAML (Security Assertion Markup Language) and others have been implemented.
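As an added illustration, not part of the original text or of any of the named protocols, the following Python sketch shows the key-based trust relationship described above: an identity provider signs one assertion, and each backend service, provisioned with the provider's key, verifies it locally instead of requiring a separate login. The issuer name, key, claim names and service names are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Trust is established out of band: every backend service is provisioned with
# the identity provider's key. Constructed sample values, not real secrets.
IDP_KEY = b"constructed-sample-key-for-illustration"
TRUSTED_ISSUER = "idp.example"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(subject, audiences, key, ttl=300, now=None):
    """Identity provider side: one signed assertion usable by every listed backend."""
    now = time.time() if now is None else now
    claims = {"iss": TRUSTED_ISSUER, "sub": subject, "aud": list(audiences),
              "iat": int(now), "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_assertion(token, service, key, now=None):
    """Backend side: accept only if signed with the provisioned key, issued by
    the trusted provider, addressed to this service and not expired.
    Returns the subject, or raises ValueError with the reason."""
    parts = token.split(".")
    if len(parts) != 2:
        raise ValueError("malformed token")
    body, sig = parts
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")  # tampered or signed by another party
    claims = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if claims.get("iss") != TRUSTED_ISSUER:
        raise ValueError("untrusted issuer")
    if service not in claims.get("aud", []):
        raise ValueError("wrong audience")  # token not meant for this backend
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims["sub"]
```

The audience check is what keeps an assertion issued for one backend from being replayed against another, and the expiry bounds how long a single sign-in remains usable.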
However, as cloud systems become more complex, changes to and/or additions in the initial design of those solutions may be desirable.