Abstract: A service provision apparatus and related method which provides a service for a user via a network includes a setting unit, a determination unit, and a decision unit. The setting unit sets an evaluation policy for evaluating reliability of at least one authentication apparatus performing authentication on the user. The determination unit determines whether the authentication made by the at least one authentication apparatus is to be relied on, on the basis of at least one evaluation result obtained by evaluating whether the at least one authentication apparatus is to be relied on, on the basis of the evaluation policy. The decision unit determines that the service is to be provided for the user in response to a determination that the authentication made by the at least one authentication apparatus is to be relied on and information that the user has been authenticated by the at least one authentication apparatus.

Abstract: A processor ascertains that a user is authorized to access a federated computing environment that includes at least two servers, which includes determining that input authentication information previously received from the user by a first server of the at least two conforms to at least one rule of an authentication policy of a second server having a highest relative priority among servers of the at least two servers whose authentication policy's at least one rule, in an authentication policy table within the first server, is conformed to by the received input authentication information. The authentication policy table within the first server includes (i) an authentication policy of each server of the at least two servers and (ii) a relative priority of each server in order of decreasing number of users registered in an authentication system of each server.

Abstract: A processor ascertains that a user is authorized to access a federated computing environment that includes at least two servers, which includes determining that input authentication information previously received from the user by a first server of the at least two conforms to at least one rule of an authentication policy of a second server having a highest relative priority among servers of the at least two servers whose authentication policy's at least one rule, in an authentication policy table within the first server, is conformed to by the received input authentication information. The authentication policy table within the first server includes (i) an authentication policy of each server of the at least two servers and (ii) a relative priority of each server in order of decreasing number of users registered in an authentication system of each server.

Abstract: A method and system for authenticating a user. A first server of at least two servers receive input authentication information from the user. The first server ascertains that the user is authorized to access a federated computing environment that comprises at least two servers, which includes the first server determining that the received input authentication information conforms to at least one rule of an authentication policy of a second server having a highest relative priority among servers of the at least two servers whose authentication policy's at least one rule, in an authentication policy table within the first server, is conformed to by the received input authentication information.

Abstract: A service provision apparatus and related method which provides a service for a user via a network includes a setting unit, a determination unit, and a decision unit. The setting unit sets an evaluation policy for evaluating reliability of at least one authentication apparatus performing authentication on the user. The determination unit determines whether the authentication made by the at least one authentication apparatus is to be relied on, on the basis of at least one evaluation result obtained by evaluating whether the at least one authentication apparatus is to be relied on, on the basis of the evaluation policy. The decision unit determines that the service is to be provided for the user in response to a determination that the authentication made by the at least one authentication apparatus is to be relied on and information that the user has been authenticated by the at least one authentication apparatus.

Abstract: A method and system for authenticating a user. A first server of at least two servers receive input authentication information from the user. The first server ascertains that the user is authorized to access a federated computing environment that comprises at least two servers, which includes the first server determining that the received input authentication information conforms to at least one rule of an authentication policy of a second server having a highest relative priority among servers of the at least two servers whose authentication policy's at least one rule, in an authentication policy table within the first server, is conformed to by the received input authentication information.

Abstract: A method and system for authenticating a user. A first server of multiple servers generates an authentication policy table by inserting into the authentication policy table an authentication policy of each server and setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server. The authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that includes the multiple servers. The first server receives an access request from the user to access the federated computing environment, receives input authentication information from the user, and determines from use of both the input authentication information and the at least one rule in the authentication policy table of the first server that the user is authorized to access the federated computing environment.

Abstract: A method, and system, and computer program product for authenticating a user. A first server of a plurality of servers receives an access request from the user to access a federated computing environment that comprises multiple servers. After receiving the access request, the first server: receives input authentication information from the user, obtains a server address of a second server having an authentication policy that matches an authentication policy of the first server, transmits the input authentication information to the second server via the server address of the second server, receives from the second server a notification that the second server has successfully authorized the user, and permits the user to access the federated computing environment.

Abstract: A method and system for authenticating a user. A first server of multiple servers generates an authentication policy table by inserting into the authentication policy table an authentication policy of each server and setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server. The authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that includes the multiple servers. The first server receives an access request from the user to access the federated computing environment, receives input authentication information from the user, and determines from use of both the input authentication information and the at least one rule in the authentication policy table of the first server that the user is authorized to access the federated computing environment.

Abstract: An authentication certificate server receives an acquisition request of a confidential document which specifies a URI of a disclosable document obtained by removing a confidential element from the confidential document, the authentication certificate server transmits an acquisition request of the disclosable document to a public server and specifies a dictionary file based on the URI, and if the user has an access authority to the confidential element, the authentication certificate server transmits an acquisition request of a dictionary file to a confidential server.

Abstract: A method, and system, and computer program product for authenticating a user. A first server of a plurality of servers receives an access request from the user to access a federated computing environment that comprises multiple servers. After receiving the access request, the first server: receives input authentication information from the user, obtains a server address of a second server having an authentication policy that matches an authentication policy of the first server, transmits the input authentication information to the second server via the server address of the second server, receives from the second server a notification that the second server has successfully authorized the user, and permits the user to access the federated computing environment.

Abstract: Method and system for user authentication in a federated computing environment. The method includes a first method for recording server authentication information, including: establishing a trusting relationship between a first and second server, obtaining an authentication policy of the second server, and registering the authentication policy of the second server within the first server. The method includes a second method for registering new user authentication information of a new user, including: verifying that the new user authentication information conforms to an authentication policy of the first server, and registering the new user authentication information in the first server.

Abstract: Method and system for user authentication in a federated computing environment. The method includes a first method for recording server authentication information, including: establishing a trusting relationship between a first and second server, obtaining an authentication policy of the second server, and registering the authentication policy of the second server within the first server. The method includes a second method for registering new user authentication information of a new user, including: verifying that the new user authentication information conforms to an authentication policy of the first server, and registering the new user authentication information in the first server.