Delegation: Difference between revisions
Jump to navigation
Jump to search
| Line 29: | Line 29: | ||
* The follows shows the elements in json format that are included in the token. | * The follows shows the elements in json format that are included in the token. | ||
* The best practice for this token is to send it as a signed, but not encrypted jose formatted string with a JWS signature. This will allows the token to be embedded in the grant that is send to a resource server by the user. | * The best practice for this token is to send it as a signed, but not encrypted jose formatted string with a JWS signature. This will allows the token to be embedded in the grant that is send to a resource server by the user. | ||
{| | |||
|element | |||
|- | |||
|sub | |||
|- | |||
|} | |||
==References== | ==References== | ||
Revision as of 00:06, 25 July 2020
Full Title or Meme
Delegation allows the owner of access to a resource to give some subset of that ability to another party.
Context
- The wiki page is focused on the need for a digital entity on the web to give some other party the ability to exercise some of the capability to some other digital entity.
- In the case of human users the web they will have a User Agent through which they can express their intents on the web.
- Some examples of delegation include:
- A manager goes on vacation and provide with a temporary replacement the ability to control access to the division web site repository.
- A person is declared unfit to manage their affairs by a court of competent jurisdiction and a guardian is appointed.
- A parent and a child have the reversed case where the parent gives the child some ability to visit web sites are have age restrictions.
- The president of the United States goes into surgery and passes control of the nuclear deterrent to the vice president.
- A husband and wife give each other to make medical decisions for them with a defined set of limitations.
- I add medical conditions to may smartphone so that any authorized EMT can view them if i am found comatose.
Use Cases
- Delegate Credentials Use Case
- Delegate Credentials Use Case
- Delegated Authentication Use Case
- Delegated Authentication for User Managed Access
- Delegated to Trusted Assistant Use Case.
Actors
- A valuable Resource that is hosted on a Resource Server. (Typically data, but it could also be a service API.)
- The Resource Owner that controls access to the Resource.
- The user of the Resource that receives the delegation token from the Resource Owner.
- The Relying Party that needs access to the Resource.
Solutions
- For this wiki the solution will be some sort of digital token that identifies the subject and is signed by the subject private key.
- The follows shows the elements in json format that are included in the token.
- The best practice for this token is to send it as a signed, but not encrypted jose formatted string with a JWS signature. This will allows the token to be embedded in the grant that is send to a resource server by the user.
| element |
| sub |