Cloud computing is attracting increasing attention along with the rapid development of computer technology, from internet manufacturers and operators as well as from communication manufacturers and basic network operators.
In a narrow sense, cloud computing refers to a mode of delivering and using an Internet Technology (IT) infrastructure, in which required resources are acquired over a network in an on-demand and easily extensible way; in a broad sense, it refers to a mode of delivering and using a service, in which required resources are acquired over a network in the same on-demand and easily extensible way. The service can be related to IT, software and the internet, or be any other service. Cloud computing has advantages such as super-large scale, virtualization, reliability and security. It can greatly reduce operating and maintenance costs for a network operator, achieving the aim of energy conservation and emission reduction; in addition, it can expand the operating range so that the operator is not limited to pipeline operation. In a cloud computing environment, all resources are operable and can be provided as a service, including applications, software, platforms, processing capacity, storage, networks, computing resources and other infrastructure. With cloud computing, users can consume at any place and any time, and can acquire the IT resources required by an operation service without heavy investment, renting the resources entirely according to their requirements. IT resources are acquired and charged on demand, like water, power and gas.
Cloud computing mainly has three service modes: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
In a cloud computing scenario, a large amount of user information is concentrated at a cloud computing provider. Compared with a conventional internet service, cloud computing concentrates more information, holds information assets of higher value and faces more attacks. The cloud computing service provider therefore needs a more powerful user authentication mechanism to ensure that only a valid user can access the authorized resources.
The conventional solution is for each cloud computing service provider to have its own user authentication system, generally called a local authentication server, such as a Lightweight Directory Access Protocol (LDAP) directory server or an Authentication, Authorization and Accounting (AAA) server, which authenticates user access to a cloud computing service. This method has the following defects. First, cloud computing generally has a great number of users, which greatly increases the authentication overhead of the cloud computing service providers. Second, a user needs to register with each cloud computing service provider separately, so the user experience is poor and the risk of privacy leakage increases. Third, different cloud computing service providers have different authentication solutions and different security levels; according to the cask principle, once the authentication system of the cloud computing service provider with the lowest security level is compromised, user authentication at the other cloud computing service providers is very likely to be under threat, because general users tend to use the same or a similar authentication credential everywhere in order to remember it easily.