Cross-Context Delegation through Identity Federation
نویسندگان
چکیده
We present in this paper a basic scheme for delegation in a federated setting and two more advanced schemes, transferable and corporate delegation. By transferable delegation delegatees are able to delegate the received privileged actions further to someone else. Corporate delegation is delegation within a business context. Our schemes are generic and user-centric. We elaborate on the different procedures to issue, accept and revoke mandates in these schemes. Different variations are discussed and their impact on the corresponding procedures is evaluated. For the basic scheme of delegation mandates are used, for more advanced schemes, as the complexity increases, use of delegation assertions is proposed.
منابع مشابه
A Delegation Framework for Liberty
Building support for delegation services into an identity federation system enhances its flexibility and scalability. Users may need to delegate all (or a subset) of their access rights or privileges to other parties in the system. However, the Liberty Alliance, an industry consortium that aims to build open standard-based specifications for identity federation systems, does not include delegat...
متن کاملOn the deployment of a real scalable delegation service
This paper explains the evolution of the concept of delegation since its first references in the context of distributed authorization to the actual use as a fundamental part of a privilege management architecture. The work reviews some of the earliest contributions that pointed out the relevance of delegation when dealing with distributed authorization, in particular we comment on PolicyMaker a...
متن کاملEuropean Context-awareness and Trust (eurocat09) 3 Rd Workshop on Combining Context with Trust, Security, and Privacy Program Commitee Trust Management in Context-aware and Service-oriented Architectures (invited Talk) Context-aware Identity Delegation
In emerging ubiquitous computing, related nomadic users often perform similar tasks and share the same computing infrastructure. This means that security of the shared resources is of prime importance. Frequent delegation of tasks among users must be anticipated as most nomadic environments are hectic and very dynamic. A delegation mechanism with a slightly complicated user interface will not o...
متن کاملSolving identity delegation problem environment
At present, many countries allow citizens or entities to interact with the government outside the telematic environment through a legal representative who is granted powers of representation. However, if the interaction takes place through the Internet, only primitive mechanisms of representation are available, and these are mainly based on nondynamic offline processes that do not enable quick ...
متن کاملPrivacy in Enterprise Identity Federation
Cross-domain identity management is gaining significant interest in industry. A recent example is the Liberty Alliance’s specifications for single signon of users across a federation of enterprises. These specifications stress that the federation process is voluntary for the users and that privacy is preserved, e.g., by using pseudonyms. We evaluate the privacy of these specifications in detail...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2008