
Delegation of Authority



  1. Delegation of Authority. David Chadwick, d.w.chadwick@kent.ac.uk

  2. Motivations
     • To allow people to delegate roles to other people, so that they can perform tasks that were previously denied to them
     • To ease the management of permissions through distribution and delegation, which aids scalability (as opposed to centralised control)
     • To facilitate inter-organisation federations, by allowing one organisation to leverage the role allocations in another organisation and thereby give them access to their resources in a controlled manner

  3. Assigning and Delegating Privileges in Organisations
     • Resource Owner assigns privilege: “I authorise this Privilege Holder to use this resource in the following ways”, signed The Resource Owner
     • Privilege Holder delegates privilege: “I delegate authority to this End User to use this resource in this limited way”, signed The Privilege Holder
     • The End User is in turn a Privilege Holder

  4. The X.509 Delegation Service
     [Diagram. Entities: SOA (Bill), AA (Alice), Delegation Issuing Service (DIS), End Entity (Bob). Arrow labels: "Issues AC to" (three times). AC labels: "Points to holder", "Points to issuer", "Points to Issued On Behalf Of". Other labels: Delegation Policy, Policy.]

  5. DIS Communications
     [Diagram. Labels: Web browser, SSL or Shibboleth, Apache, Web Service Interface, DIS Web Service, Java DIS.]

  6. DIS Web Service
     [Diagram. Labels: DIS Client, Web service interface, Authenticate, Map identities (Authn name, Authzn name), DIS PEP, Request Authorisation, PDP, PERMIS RBAC, Credential Validation, Delegation Issuing Policy, Issuer’s AC, Policy, IssueAC, Sign AC, publishAC, LDAP server.]

  7. Demonstration
     • The DIS demo is available at https://issrg-testbed.cs.kent.ac.uk:8443/dis.html

     Acknowledgement: This work was funded under the JISC DyVOSE project
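
The delegation chain of slides 3 and 4, as an added Python example that is not part of the original presentation or of the DIS/PERMIS code: a relying party follows each attribute certificate (AC) back to the SOA and accepts an AC signed by someone other than the delegator only when the signer is a trusted issuing service. The record layout, the `may_delegate` flag, the `TRUSTED_DIS` set, the rule that a delegate receives at most what the delegator holds, and the names Carol, Mallory and Eve are assumptions made for illustration; signature checking is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AC:
    """Simplified AC; fields mirror the slide-4 labels (not real X.509 encoding)."""
    issuer: str                          # who signed the AC
    holder: str                          # who receives the privileges
    privileges: frozenset
    on_behalf_of: Optional[str] = None   # "Issued On Behalf Of": the real delegator
    may_delegate: bool = False           # assumption: holder may delegate onward

def held(name, acs, soa, trusted_dis, delegable_only=False, seen=frozenset()):
    """Privileges `name` validly holds, following every chain back to the SOA."""
    if name in seen:                     # reject delegation loops
        return frozenset()
    result = frozenset()
    for ac in acs:
        if ac.holder != name or (delegable_only and not ac.may_delegate):
            continue
        delegator = ac.on_behalf_of or ac.issuer
        # A signer other than the delegator must be a trusted issuing service,
        # otherwise anyone could claim to act on a privilege holder's behalf.
        if ac.issuer != delegator and ac.issuer not in trusted_dis:
            continue
        if delegator == soa:
            result |= ac.privileges      # SOA is the root of authority
        else:
            # "in this limited way": a delegate gets at most what the
            # delegator holds with permission to delegate.
            upstream = held(delegator, acs, soa, trusted_dis, True, seen | {name})
            result |= ac.privileges & upstream
    return result

SOA, TRUSTED_DIS = "Bill", {"DIS"}
ACS = [  # constructed sample data using the names on slide 4
    AC("Bill", "Alice", frozenset({"read", "write"}), may_delegate=True),
    AC("DIS", "Bob", frozenset({"read", "delete"}), on_behalf_of="Alice"),
    AC("Mallory", "Eve", frozenset({"read"}), on_behalf_of="Alice"),  # untrusted signer
    AC("Bob", "Carol", frozenset({"read"})),   # Bob was not allowed to delegate
]

if __name__ == "__main__":
    for who in ("Alice", "Bob", "Eve", "Carol"):
        print(who, sorted(held(who, ACS, SOA, TRUSTED_DIS)))
```
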
