Computer devices and applications increasingly rely upon real-time services provided by network sources or providers. In some situations, clients that are requesting network services must authenticate by supplying passwords, identifiers, or other credentials. In addition, requests submitted by clients may be digitally or cryptographically signed so that recipient servers may verify that the requests originated with authorized clients and that the requests have not been altered in transit.
There are various details involved in authenticating clients and requests, and the collection of practices used in a particular environment may be referred to as an authentication scheme, which may in some cases comprise a signature generation scheme. A service provider typically defines an authentication scheme or signature generation scheme for use in conjunction with services offered by the service provider. In order to use the services of a provider, a developer customizes a client application so that it complies with the authentication scheme of the service provider.
In some cases, however, a weakness or flaw may eventually be discovered in a particular authentication scheme, forcing the service provider to update or change its authentication scheme. This typically requires developers to update their applications to comply with the new scheme. However, it may be difficult to motivate developers to make the required updates.
In some cases, developer updates can be forced by simply refusing to honor out-of-date authentication schemes. However, this may break or disable many applications if developers are not diligent in updating their applications. In many situations, a service provider instead provides an updated authentication scheme and allows the old authentication scheme to also be used for an indefinite time. Depending on the ability of the service provider to motivate developers, the service provider may have to allow the use of both authentication schemes for a lengthy period, which may compromise the ability of the service provider to reliably authenticate clients and requests.