In GateService, the right of decision is returned to the issuers.
They can decide when the delegation should be terminated. Thus, a token can remain valid
until the delegator withdraws the delegation. After the execution of a withdrawal process,
the token and the delegation it represents is withdrawn from the records.
Funct on delDelegat on (delegator- d, token)
f delegator- d s not val d
ex t
f (token) n records
delete (token) from records;
refresh records
Access.Service.for.Delegatees
Access Service is also a Web service. It is designed for the delegatees. In WSGrid, personal
workspaces are not accessible to the users apart from the owner. In order to allow crossspace
access (such as workspace or data set access), a trusted third party has to be involved
to maintain the security for both the delegators and delegatees. Access Service provides
this possibility.
The third party mentioned earlier has the permission (delegated by the system and the space
owner) to access the destination space on behalf of the owner. This access must be based
on the right specified on the token issued in the process of ???add a new delegation???. In the
process of delegation creating, a token containing the delegated right(s) and an effective
domain is generated.
Pages:
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444