Delegation in IT

If a computer user temporarily hands over his authorizations to another user, this process is called delegation.[1][2]

Types of Delegation in IT network

There are essentially two classes of delegation.

  1. Delegation at Authentication/Identity Level
  2. Delegation at Authorization/Access Control Level

Delegation at Authentication Level

It is defined as follows: if an authentication mechanism provides an effective identity different from the validated identity of the user, this is called identity delegation at the authentication level, provided the owner of the effective identity has previously authorized the owner of the validated identity to use his identity.[3]

The existing techniques of identity delegation using the sudo or su commands of UNIX are very popular. To use the sudo command, a person first has to start a session under his own original identity. The command then requires either the delegated account's password or explicit authorizations granted by the system administrator. The user login delegation described in the patent of Mercredi and Frey is also an identity delegation.[4]

Delegation at Access Control Level

The most common way of ensuring computer security is through the access control mechanisms provided by operating systems such as UNIX, Linux, Windows, Mac OS, etc.[5] If the delegation is fine-grained, as in role-based access control (RBAC) delegation, there is always a risk of under-delegation, i.e., the delegator does not delegate all the permissions necessary to perform the delegated job. This may cause a denial of service, which is very undesirable in some environments, such as safety-critical systems or health care. In RBAC-based delegation, one option is to reassign a set of permissions to the role of the delegatee. However, finding the relevant permissions for a particular job is not an easy task in large and complex systems. Moreover, once these permissions are assigned to the delegatee's role, all other users associated with that role also get the delegated rights. If the delegation is instead achieved by assigning the roles of the delegator to the delegatee, it is not only a case of over-delegation: the delegator also has to figure out which roles, in the complex hierarchy of RBAC, are necessary to perform a particular job. These types of problems are not present in identity delegation mechanisms, and the user interface is normally simpler. More details can be found in the RBAC literature.
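The three failure modes described above can be made concrete with a small model. The following is an added example, not part of the original article: it applies each delegation strategy to a copy of a toy RBAC state and reports the permissions the delegatee still lacks, the permissions gained beyond the job, and the other users who gained rights as a side effect. All user, role and permission names are hypothetical.

```python
import copy

# Constructed toy RBAC state; every user, role and permission name is hypothetical.
ROLE_PERMS = {
    "physician": {"read_chart", "write_chart", "prescribe", "order_lab"},
    "nurse": {"read_chart", "record_vitals"},
}
USER_ROLES = {"alice": {"physician"}, "bob": {"nurse"}, "carol": {"nurse"}}
JOB = {"read_chart", "write_chart", "order_lab"}  # permissions the delegated job needs


def perms_of(user, role_perms, user_roles):
    """Effective permissions: union over every role the user holds."""
    return set().union(*(role_perms[r] for r in user_roles[user]))


def assess(mutate, delegatee="bob"):
    """Apply one delegation strategy to a copy of the state and report its side effects."""
    rp, ur = copy.deepcopy(ROLE_PERMS), copy.deepcopy(USER_ROLES)
    before = {u: perms_of(u, rp, ur) for u in ur}
    mutate(rp, ur)
    gained = {u: perms_of(u, rp, ur) - before[u] for u in ur}
    return {
        "missing": JOB - perms_of(delegatee, rp, ur),  # under-delegation
        "excess": gained[delegatee] - JOB,             # over-delegation
        "leaked": {u: g for u, g in gained.items() if g and u != delegatee},
    }


def perms_to_role(rp, ur):
    """Reassign the job's permissions to the delegatee's existing role."""
    rp["nurse"] |= JOB


def roles_to_user(rp, ur):
    """Give the delegatee all of the delegator's roles."""
    ur["bob"] |= ur["alice"]


def partial_grant(rp, ur):
    """Fine-grained grant via a dedicated role; the delegator overlooks order_lab."""
    rp["bob_cover"] = {"write_chart"}
    ur["bob"].add("bob_cover")


if __name__ == "__main__":
    for strategy in (perms_to_role, roles_to_user, partial_grant):
        print(strategy.__name__, assess(strategy))
```

The same `assess` comparison can be run against an export of a real role-to-permission mapping before a delegation is approved, to see who else inherits the grant.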

References

  1. Barka, E., Sandhu, R.: A role-based delegation model and some extensions. In: Proceedings of 16th Annual Computer Security Application Conference, New Orleans, U.S.A. (December 2000)
  2. Ahmed, N., Jensen, C.D.: A mechanism for identity delegation at authentication level. In: Proceedings of the 14th Nordic Conference …, portal.acm.org (2009)
  3. Ahmed, N., Jensen, C.D.: A mechanism for identity delegation at authentication level. In: Proceedings of the 14th Nordic Conference …, portal.acm.org (2009)
  4. Mercredi, Frey: User login delegation. United States Patent Application Publication, US 2004/0015702 A1 (2004)
  5. Gollmann, D.: Computer Security 2e. John Wiley and Sons, Chichester (2005)

Wikimedia Foundation. 2010.
