1. Field
Aspects of the present invention generally relate to a device apparatus that is operable in response to delegation of authority from a user, a method for controlling the device apparatus, and a related storage medium.
2. Description of the Related Art
In general, a widely recognized on-line server can provide various types of services, including a service that is usable to create a PDF electronic document and a service that is usable to store the created electronic document, to a terminal via the internet. More specifically, each user can generate an electronic document by using an on-line service that is available via the terminal, when the terminal does not have any function of generating such an electronic document. Further, each user can use an on-line service to store personal electronic document data that exceeds the maximum storage capacity of the terminal.
Further, due to development of cloud systems, there is an increasing opportunity of creating new values obtainable by causing a plurality of services to cooperate with each other. For example, as an example cooperation of two services, when a PDF electronic document is generated using one service, the generated document can be directly stored in another service without requiring any operation by the terminal. On the other hand, the following problems may occur when a plurality of services cooperate with each other.
In short, the risk of leaking user data and personal information increases significantly if a great amount of information is transmitted and received between two or more services beyond user intention. When two or more services cooperate with each other, it is desired that a service can acquire user data and personal information only when the service can provide a result responding to user's request. On the other hand, for a service provider, employing an easily installable mechanism for the cooperation of services is desired.
OAuth protocol provides a standard way to realize approval cooperation considering the above-mentioned situation. For example, among a plurality of services having installed OAuth, accessing a service A without using any user authentication information is feasible for a third-party service B if a specific authority is given to the third-party service B from a user. In this case, it is necessary for the service A to inform the user of explicit contents of authority (e.g., data to be accessed by the third-party service B and a usable range of the service) before it gives user approval to the access from the third-party service B. The conduct performed by a user to give explicit approval via an approval screen is referred to as “approval operation.”
If the user performs the approval operation, the service A gives specific authority approved by the user to the third-party service B. Then, the third-party service B directly or indirectly receives an approval token from the service A. The approval token is proof of recognizing the access from the service B based on the approved authority. Subsequently, the third-party service B can access the service A using the approval token.
A sequential processing flow for causing the entity that uses the service (e.g., the third-party service B according to the above-mentioned example) to store the approval token (i.e., the result of the approval operation performed by the user) can be referred to as user operation for delegating authority to the third-party service B.
As mentioned above, an entity that provides a usable service gives actual authority to an entity that uses the service. According to the above-mentioned example, the service A gives authority to the service B after confirming the approval operation performed by the user.
The above-mentioned technique is not limited to the cooperation between services. It is conventionally known that an application installed on a terminal that a user operates can cooperate with a service accessible via the internet using OAuth. For example, when a plurality of applications is installed on a smartphone (i.e., a communication tool having the capability of adding and deleting applications), each application can cooperate with an external service accessible via the internet. As a representative example, an application installed on a smartphone can cooperate with an on-line service, which is generally referred to as social networking service (SNS), using OAuth.
In this case, the application installed on the smartphone accesses the SNS on behalf of a user. The authority delegated to the application is limited to minimum functionality necessary to use the SNS (e.g., the authority required to post a message). The application can cooperate with the SNS with appropriate authority without storing SNS authentication information in the smartphone.
After user authority is delegated to an application, if the application uses a cloud service in a state where a user does not log in a device, it is generally difficult to identify an authority to be used.