An Architecture for Practical Delegation in a Distributed System

Delegation is the process whereby a user in a distributed environment authorizes a system to access remote resources on his behalf. In today’s distributed systems where all the resources required to carry out an operation are rarely local to the system to which the user is logged in, delegation is more often the rule than the exception. Yet, even with the use of state-of-the-art authentication techniques, delegation is typically implicit and transparent to the remote system controlling the resources, making it difficult for that system to determine whether delegation was authorized by the user. This paper describes a practical technique for delegation that provides both cryptographic assurance that a delegation was authorized, and authentication of the delegated systems, thereby allowing reliable access control as well as precise auditing of the systems involved in every access. It goes further than other approaches for delegation in that it also provides termination of a delegation on demand (as when the user logs out) with the assurance that the delegated systems, if subsequently compromised, cannot continue to act on the user’s behalf. Delegation and revocation are provided by a simple mechanism that does not rely on online trusted servers.