1. Field of the Invention
The present invention relates to an information processing system, a control method thereof, and a non-transitory computer-readable medium and, more particularly, to authorization processing between services.
2. Description of the Related Art
The OAuth protocol is a representative standard technology of implementing a service call between cloud services that have currently become widespread. The OAuth protocol is a protocol to delegate authorization information (authority). For example, assume that a service A and a service B exist, and the user is using the function of the service A. To allow the service A to access user information held by the service B, the user authorizes the service A to use the function of the service B. The service A can use the function of the service B within the range of the thus delegated authority.
To use the OAuth protocol between services, implementation (installation of functions) to cope with the OAuth protocol is needed on the service providing side and the service using side. The service using side needs implementation corresponding to the degree of implementation of OAuth protocol specifications on the service providing side and additional unique security implementation. For this purpose, each service using side is required to implement the OAuth protocol complying with the service providing side.
Japanese Patent Laid-Open No. 2011-519087 discloses a system that performs access control using authorization information to cause a client to use functions provided by the service providing side. The client side where the service is used creates an authorization message to cause the service providing side to check authorization information. The service providing side receives the authorization message created by the client, and then checks the expiration date to determine whether the service is usable.
In Japanese Patent Laid-Open No. 2011-519087, to allow the client side to use the functions provided by the service providing side, the client side needs implementation to generate authorization information complying with the service providing side.
On the other hand, corporations that use inter-service cooperation by the OAuth protocol are increasing year by year. Under these circumstances, it is difficult to implement the protocol in correspondence with individual services because of the number of services, cost, and the like.