CredentialDelegation < IVOA

---+ Credential Delegation

The credential delegation protocol allows a client program to delegate a user's credentials to a service such that that service may make requests of other services in the name of that user.

It exists a [[http://www.ivoa.net/Documents/CredentialDelegation/20100218/][REC]] that defines a REST service that works alongside other IVO services to enable such a delegation in a secure manner. It is based on X509 certificate delegation capability (proxy certificates).

Delegation based on token is the next step. It is necessary to implement also Authorization protocols (e.g. the group managment requires a delegation to allow services to query the GMS service on behalf of the user).

A discussion is on going since 2020 [[NotesOnSSO2020][Virtual Interoperability Meeting]] 

Credential delegation discussions:

   * [[GWSTelecon20191219][GWS Teleconference 2019]]
   * [[NotesOnSSO2020][IVOA 2020 Interop]]

<br /> <!--
      * Set ALLOWTOPICRENAME = IVOA.TWikiAdminGroup
-->

This topic: IVOA > WebHome > IvoaGridAndWebServices > SecurityHome > CredentialDelegation
Topic revision: r1 - 2020-06-02 - GiulianoTaffoni