DYNAMIC IDENTITY CHECKING

摘要

A selector apparatus to select one or more shared authentication facilities for a software service executing in a virtualized shared computing environment, the software service including an interface through which a user request to access a restricted resource of the service is receivable, the request having associated a user context defining one or more characteristics of the user, and the software service further having associated a plurality of authentication rules for the service, wherein each rule is associated with one or more user contexts and identifies one or more shared authentication facilities for the computing environment, the selector apparatus comprising: a launcher, responsive to a user request received via the interface, adapted to instantiate one or more authentication facilities in accordance with an authentication rule retrieved based on a user context for the received request, so as to generate one or more challenges for the user to authenticate the user, wherein the authentication rule further defines one or more parameters for the identified authentication facilities.

主权项

1. A user authentication method for a software service executing in a virtual machine of a shared computing environment comprising:
receiving an indication of a user request to access a restricted resource of the service, the request having associated a user context defining one or more characteristics of the user; retrieving an authentication rule for the service based on the user context, the authentication rule identifying one or more shared authentication facilities for the computing environment; and instantiating one or more authentication facilities in accordance with the authentication rule to generate one or more challenges for the user so as to authenticate the user, wherein the authentication rule further defines one or more parameters for the identified authentication facilities.