1. Field of the Invention
The claimed invention relates to a system for delegation of authority that delegates an authority in order to realize a mashup of a plurality of online services. The claimed invention further relates to an access management service system, a medium and a method for controlling the system for delegation of authority.
2. Description of the Related Art
A service that can provide a software function via the Internet, generally referred to as a “cloud service”, has recently come into use. In many cases, two or more cloud services cooperate with each other to provide a new service.
To cause a plurality of cloud services to cooperate with each other, it is generally necessary to verify the appropriateness of the user's access authority while accessing the authentication mechanism provided in each of the services. A conventional system discussed in Japanese Patent Application Laid-Open No. 2004-252955 is a system in which two or more services can cooperate with each other and each service has an individual authentication mechanism. The system is configured to perform authentication processing for all services that constitute the system when authentication processing is first required for any one of the services. A response returned in this case includes a merged authentication result. Thereafter, no authentication processing is required to use any one of the plurality of services.
On the other hand, “OAuth” is conventionally known as a technique that can safely and easily control accesses between services when the services cooperate with each other. OAuth allows the authority to access a cooperation destination service to be delegated to the cooperation source service. When the OAuth-based capability of delegating the service access authority is incorporated in the authentication mechanism of the respective services, a cooperation of two or more cloud services can be safely realized without storing any security information (e.g., user ID and password) in the service.
When the cooperation source service cooperates with the cooperation destination service, the OAuth-based capability of delegating the service access authority determines whether to allow the delegation of authority to access the cooperation source service by requesting approval from the user who operates the cooperation source service. If the user approves, the cooperation source service can temporarily use the cooperation destination service. However, this approach does not take into consideration a cooperation of a plurality of services in which the server that provides a cooperation source service is itself required to have an appropriate authority to access a cooperation destination service.