A Delegation Framework for Liberty

Authors

  • Waleed A. Alrodhan
  • Chris J. Mitchell
Abstract

Building support for delegation services into an identity federation system enhances its flexibility and scalability. Users may need to delegate all (or a subset) of their access rights or privileges to other parties in the system. However, the Liberty Alliance, an industry consortium that aims to build open standard-based specifications for identity federation systems, does not include delegation functionality in its specifications. In this paper we propose a delegation framework for Liberty that can be readily integrated into the currently deployed specifications. The framework takes advantage of the trust relationships that exist by definition within the Liberty circles of trust, and is based on extending the use of attribute statements in SAML assertions. The framework is built on SAML 2.0 and the Liberty ID-FF 1.2 single sign-on profiles, and supports both direct and indirect delegation.

Similar resources

Using Trust for Restricted Delegation in Grid Environments

Delegation is an important tool for authorization in large distributed environments. However, current delegation mechanisms used in emerging Grids have problems to allow for flexible and secure delegation. This paper presents a framework to realize restricted delegation using a specific attribute certificate with trust value in grid environments. The framework employs attribute certificates to ...

RB-GDM: A Role-Based Grid Delegation Model

Grid delegation is the procedure by which a valid user endows another user or a program or service with the ability to act on that user’s behalf. Delegation is the primary form of authorization in grids. The large and geographically distributed, dynamic, heterogeneous and scalable grid environment poses unique delegation requirements. Presently there are no standard mechanisms to guide grid del...

Framework for Role-based Delegation Models

FRAMEWORK FOR ROLE-BASED DELEGATION MODELS Ezedin S. Barka, Ph.D. George Mason University, 2002 Dissertation Director: Dr. Ravi S. Sandhu The basic idea behind delegation is that some active entity in a system delegates authority to another active entity in order to carry out some functions on behalf of the former. Delegation can take many forms: human to human, human to machine, machine to mac...

A Generalized Framework for Analyzing Capturing Races in Go

Capturing races or semeai are an important element of Go strategy and tactics. We extend previous work on semeai [1] by introducing a more general framework for analyzing semeai, based on the new concepts of conditional combinatorial games and liberty count games. We show how this framework encompasses earlier concepts such as plain liberty regions and plain eye regions. Furthermore, we discuss...

On-demand Restricted Delegation : A Framework for Dynamic, Context-Aware, Least-Privilege Delegation in Grids

In grids, delegation is a key facility that can be used to authenticate and authorize requests on behalf of disconnected users. In current grid systems, delegation is either performed dynamically, in an unrestricted manner, or by a secure but static method. Unfortunately, the former compromises security and the latter cannot satisfy the requirements of dynamic grid application execution. Theref...

Publication date: 2008