一种云计算中的多重身份认证与授权方案

OpenID是一种广泛应用于云计算中的去中心化的身份认证技术。OpenID为用户以一个身份在多个云服务中通行提供了一种方式，也解决了因遗失在云提供商处注册的云身份凭证而不能登录的问题。但用户以OpenID身份登录云服务后，却不能访问该用户的云身份拥有的资源，且OpenID技术也没有对请求身份信息的云服务进行认证与细粒度授权。因此文章在OpenID技术和OAuth技术的基础上，设计了一种多重身份认证与授权方案来解决上述同一用户不同身份的资源不可访问问题，以及身份信息等资源访问流程中的细粒度授权问题。

A Multi-identities Authentication and Authorization Schema in Cloud Computing

OpenID, which is widely used in cloud computing, is a decentralized identity authentication technology. OpenID not only provides a method for a user to pass through multiple cloud services by using one identity, but also solves the problem that users cannot login in due to loss of cloud identity credentials which had been registered in cloud. But a user cannot access the resources which belong to his cloud identity by an OpenID identity, and OpenID can’t authenticate and authorize the cloud service who requests identity information in a fine-grained manner. In order to solve the above-mentioned problems, we have designed a kind of multi-identities authentication and authorization schema based on OpenID and OAuth to make the resources owned by cloud identity be accessed by the same user’s OpenID identity and to implement fine-grained authorization in resource authorization process.