Identity Authentication and Access Control

Identity Authentication

You can access DEW through the DEW console, APIs, or SDK. Regardless of the access method, requests are sent through the REST APIs provided by DEW.

DEW APIs support multiple types of authentication requests. Take AK/SK as an example. An authenticated request must contain a signature value. The signature value is calculated based on the request access key as the encryption factor and the specific information carried in the request body. OBS supports authentication using an AK/SK pair. It uses AK/SK-based encryption to authenticate requests. For details, see Authentication.

Access Control

• DEW uses Identity and Access Management (IAM) to implement refined access control. By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. After authorization, the user can perform specified operations on cloud services based on the permissions. For details, see Permission Control.