The main function of user authentication is to verify the real identity of a request sender. Normally, it includes two aspects as follows:
- verify the real identity of a message sender correctly.
- Verify whether the message is tampered before received.
Aliyun account authentication uses a message signature mechanism, which is different from the traditional method based on user name/password authentication.The message signature mechanism can secure the integrity and authenticity of a message during HTTP transmission process.The common message signature algorithms are HMAC-SHA1 and RSA-SHA1. The traditional authentication method based on user name and password is suitable for human computer interaction model, such as browsing the website, while the message signature mechanism is suitable for non-interactive mode, such as writing APP applications to access to API of open services. An Aliyun account can bind one or more AccessKeys. If an account user has developed multiple APP application programs, he is usually recommended using different AccessKey for each APP application and replacing it periodically. At present, the message signature algorithm to be used is HMAC-SHA1.
If you have no Aliyun account, please access to http://account.aliyun.com to apply an account which belongs to you. A valid email address is required when you apply for an Aliyun account, and the address will be regarded as the Aliyun account. For example, Alice can register an Aliyun account by using her email email@example.com and her Aliyun account is firstname.lastname@example.org.
After you have an Aliyun account, you can login in http://i.aliyun.com/access_key to create or manage the AccessKey list of current account. One AccessKey is composed of two parts: AccessKeyId and AccessKeySecret. AccessKeyId is used to retrieval AccessKey and AccessKeySecret is used to calculate message signature. So you need to strictly protect them to prevent leakage. When you need to update an AccessKey, you can create a new AccessKey and disable the old AccessKey.
If you need to use odpscmd, you need configure related information of AccessKey in ‘conf/odps_config.ini’:
access_id= <Input Access ID, without the angle brackets>
access_key=<Input Access Key here without the angle brackets>
- Currently, after disabling or enabling an AccessKey on the Aliyun website, you must wait for 15 minutes until the change is fully effective.