A variety of applications are available for use on computing devices today that require a certain level of trust establishment between the applications and various resources. For example, an application may need the user to grant the application the ability to access a client account and/or access to sensitive user data (e.g., financial data). As another example, an application may need the user to provide the application with the user's ID and password to an account in order to take actions on behalf of the user relative to the account. For example, a bill paying application may need a user's ID and password to their bank account in order to perform bill paying functions. The application would then present the username and password to the e-commerce service as authentication in order to perform the actions for which the application is being used.
However, such authentication techniques placed users at risk, requiring them to fully trust an application. Once their username and password are provided to the application, the user may not have full knowledge of the particular actions taken by the application or may not fully realize how the application is using the user's personal data. Conventional authentication techniques that seek to provide more security are complex, fragile and disrupt the user experience.
A need remains for a more robust and less disruptive technique for establishing trust with an application seeking to perform select actions relative to a client account.