1. Technical Field
This disclosure relates generally to techniques for enabling controlled access to resources in a cloud compute environment.
2. Background of the Related Art
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on-demand. Cloud computing can significantly reduce IT costs and complexities while improving workload optimization and service delivery. With this approach, an application instance can be hosted and made available from Internet-based resources that are accessible, e.g., through a conventional Web browser over HTTP.
In a traditional client-server authentication model, a client uses its credentials to access resources hosted by a server. With the increasing use of distributed web services and cloud computing, third-party applications often require access to these server-hosted resources. OAuth is an open protocol (Internet Request for Comment (RFC) 5849) that enables users to share their private data among different Web sites along with their credentials while only exposing the data on the original Web site where it is held. In particular, the OAuth protocol allows users to share private resources stored on one Web site with other sites without exposing the users' credentials—for example, usernames and passwords—to Web sites other than the one holding the users' data. A Web site adopting OAuth as one of its authentication protocols enhances the privacy and security for users. To accomplish this functionality, OAuth introduces a third role to the traditional client-server authentication model: namely, a resource owner. In the OAuth model, the client (which is not the resource owner, but is acting on its behalf) requests access to resources controlled by the resource owner but hosted by the server. In addition, OAuth allows the server to verify not only the resource owner authorization, but also the identity of the client making the request.