Delegation of Authority
David Chadwick
d.w.chadwick@kent.ac.uk
Motivations
• To allow people to delegate roles to other people, so that they can perform tasks that were previously denied to them
• To ease the management of permissions through distribution and delegation, which aids scalability (as opposed to centralised control)
• To facilitate inter-organisation federations, by allowing one organisation to leverage the role allocations in another organisation and thereby give them access to their resources in a controlled manner
Assigning and Delegating Privileges in Organisations
[Diagram. Entities: AA, Alice, Delegation Issuing Service (DIS), End Entity Bob. Arrow labels: "Issues AC to" (twice). Other labels: Delegation Policy (twice).]
DIS Communications
[Diagram. Components: DIS Client, Web Service Interface, Apache, DIS Web Service, PEP, PERMIS RBAC PDP, DIS, LDAP server. Labels: Authenticate, Map identities, Authn name, Authzn name, Issuer's Policy, Credential Validation, Authorisation Request, Delegation Issuing Policy, IssueAC, Sign AC, publishAC, AC.]
Demonstration
• The DIS demo is available at https://issrg-testbed.cs.kent.ac.uk:8443/dis.html
Acknowledgement
This work was funded under the JISC DyVOSE project