SaaS (Software as a Service) is service to provide a function of software such as an application to a user. It is possible to integrate data of various applications that an individual and a corporation utilize by providing the use service in the user data storage unit to the service on the SaaS. In addition, there is a case that a plurality of services on SasS cooperate each other (referring to patent document 1, for example). It is possible to provide a higher service by cooperating with the plurality of services.
The cooperation between the plurality of services is realized by Web API (Application Program Interface) which a service provider disclosed, for example. The application developer develops the application software in combination with Web API or API that other service provider provides. The access for Web API is performed based on certification protocols such as OAuth 2.0 or SAML (Security Assertion Markup Language) 2.0, for example.
In addition, information and communication technology includes an access control technology based on the role. The access control based on the role gives the user who succeeded in the certification the role and gives permission (access permission) depending on the role as a method of the access control for the resource, for example. Especially, the server publishes information (below called as certification token) which proves that the user has a right to use the service to a terminal when the user succeeds in the certification. And the terminal adds a published certification token to a request and transmits the request to the server, thereby it is possible to receive the provision of the service with the server within the role.
For example, it is exemplified that a service “A” cooperates with a service “B”. In addition, a user X has an account in the service “A”, but has not an account in the service “B”. When the service “B” is cooperation to the service “A”, the user X is able to receive the provision of service “B” that the user X does not have the account based on a certification token published by the service “A”. At first the terminal gives the certification token published by the service “A” to an issue request of the certification token and transmits to a provision server of the service “B”. The provision server of the service “B” publishes the certification token including the role on the service “B” corresponding to the role included in the certification token for the service “A” to the terminal. And the terminal gives the certification token that the service “B” published to the provision request of the service “B” and transmits the provision request to the provision server of service “B”. By this method, it is possible to receive the provision of the service within the role on the service “B”.
In addition, when there is service “C” in connection with the service “B”, it is possible that the user receives an provision of service “C” based on the certification token published by the service “B”. In this way, by receiving the certification on one service (in this example service “A”), the user is able to receive the provision of the different service (in this example service “B”, service “C”) to cooperate like a chain reaction.