https://wiki.idesg.org/index.php?action=history&feed=atom&title=Delegate_Credentials_Use_CaseDelegate Credentials Use Case - Revision history2026-05-06T12:27:17ZRevision history for this page on the wikiMediaWiki 1.38.4https://wiki.idesg.org/index.php?title=Delegate_Credentials_Use_Case&diff=1461&oldid=prevOmaerz: 7 revisions imported: Initial Upload of old pages from IDESG Wiki2018-06-28T03:51:55Z<p>7 revisions imported: Initial Upload of old pages from IDESG Wiki</p>
<p><b>New page</b></p><div>'''Status:''' <span style="background:#ff0000">Proposed</span><br />
This Use Case has been submitted as a new entry to the Use Cases Catalog. It has not yet been validated or reviewed.<br />
<br />
'''Title:''' Two Party Delegation<br />
<br />
'''Use Case Description:''' <br />
With delegation technologies, the service provider issues delegation credentials that are tailored for access to data and/or processes limited to third-party service, but exclude access rights to anything else, such as user settings and controls. With delegations, should malicious third party activities occur, the primary service revokes the delegated credential, while the user credential remains valid. At the same time, the user is protected from Denial of Service (DoS) attacks. Delegations of a service should also be time constrained by limiting the access of a third-party service to the time necessary to perform the delegated service. ( [[NISTIR 7817]] Section 2.1.1 )<br />
<br />
'''Use Case Category:'''<br />
Authentication<br />
<br />
'''Contributor:''' <br />
Scott Shorter extracted from [[NISTIR 7817]]<br />
<br />
=== Use Case Details ===<br />
'''Actors''': <br />
* Service Provider - issues delegation credentials <br />
* Third-party Service - accesses data and/or processes authorized for the delegation credentials issued to them.<br />
* User - has a full account with Service Provider, wishes to grant access to Third-party Service.<br />
<br />
'''Goals:''' <br />
Authorize limited access of information or processes to a third party.<br />
<br />
'''Assumptions''': <br />
* User can authenticate to Service Provider<br />
* Third-Party Service does not have Delegated Credentials for User yet<br />
<br />
<br />
'''Requirements''': <br />
<br />
'''Process Flow''': <br />
# User accesses Third-Party Service which wants data from Service Provider<br />
# Third-Party Service requests Delegated Credentials for User<br />
# Service Provider obtains User consent for delegation<br />
# Service Provider grants Delegated Credentials to Third-Party Service<br />
<br />
'''Success Scenario''': Third Party Service can access limited User data from Service Provider<br />
<br />
'''Error Conditions''': Third-Party Service forges User consent for Delegation<br />
<br />
=== Relationships ===<br />
* Extended by:<br />
<br />
* Extends:<br />
<br />
=== References and Citations ===<br />
* [[NISTIR 7817]]<br />
<br />
<br />
[[Category:Authentication Use Cases]]<br />
[[Category:Use Cases]]</div>Omaerz