Delegate Credentials Use Case

From IDESG Wiki
Revision as of 03:51, 28 June 2018 by Omaerz (talk | contribs) (7 revisions imported: Initial Upload of old pages from IDESG Wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Status: Proposed This Use Case has been submitted as a new entry to the Use Cases Catalog. It has not yet been validated or reviewed.

Title: Two Party Delegation

Use Case Description: With delegation technologies, the service provider issues delegation credentials that are tailored for access to data and/or processes limited to third-party service, but exclude access rights to anything else, such as user settings and controls. With delegations, should malicious third party activities occur, the primary service revokes the delegated credential, while the user credential remains valid. At the same time, the user is protected from Denial of Service (DoS) attacks. Delegations of a service should also be time constrained by limiting the access of a third-party service to the time necessary to perform the delegated service. ( NISTIR 7817 Section 2.1.1 )

Use Case Category: Authentication

Contributor: Scott Shorter extracted from NISTIR 7817

Use Case Details

Actors:

  • Service Provider - issues delegation credentials
  • Third-party Service - accesses data and/or processes authorized for the delegation credentials issued to them.
  • User - has a full account with Service Provider, wishes to grant access to Third-party Service.

Goals: Authorize limited access of information or processes to a third party.

Assumptions:

  • User can authenticate to Service Provider
  • Third-Party Service does not have Delegated Credentials for User yet


Requirements:

Process Flow:

  1. User accesses Third-Party Service which wants data from Service Provider
  2. Third-Party Service requests Delegated Credentials for User
  3. Service Provider obtains User consent for delegation
  4. Service Provider grants Delegated Credentials to Third-Party Service

Success Scenario: Third Party Service can access limited User data from Service Provider

Error Conditions: Third-Party Service forges User consent for Delegation

Relationships

  • Extended by:
  • Extends:

References and Citations