SERVICE COMPUTATION 2011, The Third International Conferences on Advanced Service Computing
User-to-User Delegation in a Federated Identity Environment
Authors:
HongQian Karen Lu
Keywords: access control, delegation, federated identity, security
Abstract:
Delegation protocols over the Web are mostly used for user-to-machine and machine-to-machine delegations. As more organizations operate in a federated identity environment, user-to-user delegation also becomes a required functionality. User-to-machine or machine-to-machine delegation methods cannot be applied directly to user-to-user delegation because humans cannot effectively process protocol messages. This paper proposes a new method that allows user-to-user delegations in a federated identity environment. The identity provider (IdP) acts as the delegation authority that manages delegations. Service providers (SPs) in the same environment can use this delegation service instead of managing delegations individually. The service includes delegation assignment, invocation, and revocation. The method allows service providers to exercise access controls and to decide if the delegator has the right to delegate and if the delegatee should be authorized to perform the requested services. This method is applicable to any access control model.
Pages: 76 to 83
Copyright: Copyright (c) IARIA, 2011
Publication date: September 25, 2011
Published in: conference
ISSN: 2308-3549
ISBN: 978-1-61208-152-6
Location: Rome, Italy
Dates: from September 25, 2011 to September 30, 2011