Increasingly, in the computing world, functionality is distributed. Such distribution is achieved through the separation of functionality or data (collectively referred to as resources) needed for tasks, and the physical or logical decoupling of such resources. In order to accomplish certain tasks or applications multiple resources may therefore be needed. Thus, communications between various these distributed resources may be required when implementing that functionality.
To illustrate an example, to accomplish functionality associated with an application on a mobile device the application may communicate with one or more service providers that may be deployed at a remote location, such as on servers or in the cloud, and these service providers may, in turn, contact content servers or database servers to obtain needed data, etc. As another example, a cloud based service may have many components, where each component may be configured to accomplish different portions of the functionality of the service such that a coordinating service component may need to communicate with these various components in order to accomplish a task for the cloud based service.
As can be imagined, these types of architectures present certain difficulties. One of the most pressing of these difficulties has to do with security. In many cases the resources that are needed to accomplish particular functionality may reside in different domains. A domain may include an internetworked set of computers or applications associated with a particular entity, address, etc. Access to resources within a domain may, however, be restricted to known users of the domain. In the main, the authentication of these known users is performed using an authenticator associated with that domain using credentials associated with that domain and that specific user (e.g., an identifier and password).
Restricting access to resources to known users of the domain serves as a major impediment to proper functioning and communication between distributed resources. This situation exists mainly because, in many cases, a requestor (e.g., service or the like) may be required to communicate with a number of distinct domains and access a number of different resources to accomplish a particular task, and may even have to utilize different resources to accomplish different instances of the same task. A requestor may, however, not always be a known user of the domain where a desired resource resides.
Accordingly, what is needed are systems and methods that allow non-local requestors to utilize a resource of a domain while maintaining security.