Traditional authentication, authorization, and accounting schemes focus on granting access to a resource, such as a service. Typically, a business or other enterprise may use different standards for authentication, authorization, and accounting when a client or service consumer is an internal user that is affiliated with the enterprise, as opposed to an external user that is not affiliated with the enterprise. For example, internal services are often provided free of charge to internal users as part of the enterprise's business operations. Further, because internal services are typically provided within an enterprise's network, intranet, or the like, interactions are often assumed to be secure. Consequently, the utilization of internal services by internal users may not always be well monitored, which can affect the enterprise's efficiency and security.
In addition, users of internal services may be able to access enterprise data that would never be exposed publicly, such as customer information, proprietary information, financial information, and the like. Accordingly, some enterprises may have safeguards that limit access of internal users to enterprise data. However, enforcing these safeguards may interfere with the legitimate need for access to certain information or services.
Additionally, some internal services may be used by many different service consumers for many different purposes, and internal services tend to change or evolve at a faster rate than public services. Thus, internal service providers may not be able to easily monitor how their services are being used, who is using their services, or how ongoing changes in their services affect internal users and overall security concerns.