Patent attributes
A selector apparatus to select one or more shared authentication facilities for a software service executing in a virtualized shared computing environment, the software service including an interface through which a user request to access a restricted resource of the service is receivable, the request having associated a user context defining one or more characteristics of the user, and the software service further having associated a plurality of authentication rules for the service, wherein each rule is associated with one or more user contexts and identifies one or more shared authentication facilities for the computing environment, the selector apparatus comprising: a launcher, responsive to a user request received via the interface, adapted to instantiate one or more authentication facilities in accordance with an authentication rule retrieved based on a user context for the received request, so as to generate one or more challenges for the user to authenticate the user, wherein the authentication rule further defines one or more parameters for the identified authentication facilities.