The delegation cannot be partial. This is
unacceptable. The problem is solved by the delegation service by allowing delegation of
proper actions with the appropriate domain (or effective domain).
Delegation Service is a Web service built on WSGrid. It aims to provide an interface to
allow users to transfer a subset of rights to others. Two functionalities exists, ???add a delegation???
and ???withdraw a delegation???. The former method creates a new delegation. In order
to have a new delegation, the delegator has to create a new security token, which is shortlived
and temporarily available. The token associates the information about the identity of
the delegator and the identity of the delegatee (as an option). Because each workspace is
solo, the information concerning the delegation has to be reposited in the personal space. A
record of delegation contains the new token (issued by the delegator), the delegated right,
and the effective domain. For instance, ???user1??? can create a new token ???token@1365782???
for ???user2???, which allows right of access to ???file2??? in ???dir2???. The delegated right in this
case is ???file accessing???. The effective domain is ???dir2/file2???.
In order to perform a delegation creation process, the delegator must be authenticated to
prove his/her identity, because only a valid member within the virtual organization has the
right to delegate.
Pages:
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442