Dynamic Identity Delegation Using Access Tokens in Federated Environments

Abstract

Identity delegation is an act whereby an entity delegates his or her authority to use identity information to another entity. It has most often been implemented in enterprise environments, but previous studies have focused little on the dynamic data and access management model as well as the design from a practical viewpoint. An identity delegation framework is described for using access tokens across security domains. The framework enables fine-grained access control with limited overhead cost for access management and permission assignment for delegated access.