Cross-Context Delegation through Identity Federation
Gesellschaft für Informatik e. V.
In this paper we present a basic scheme for delegation in a federated setting and two more advanced schemes, transferable and corporate delegation. With transferable delegation, delegatees are able to delegate the received privileged actions further to someone else. Corporate delegation is delegation within a business context. Our schemes are generic and user-centric. We elaborate on the different procedures to issue, accept and revoke mandates in these schemes. Different variations are discussed and their impact on the corresponding procedures is evaluated. For the basic scheme of delegation, mandates are used; for the more advanced schemes, as the complexity increases, the use of delegation assertions is proposed.