Subject: Delegation Architecture vs. Trusted Subsystem
Author: SteveHB
Posted on: 06/02/2006 03:51:35 AM
In the Trusted Subsystem Model, all authentication and authorization for back-end resources occurs on the front-end server, e.g. the IIS Web application server. Typically, this model is used in conjunction with a role-based access control system that authorizes access to application-defined operations based on the user's role. After successfully authenticating and authorizing the user, the Web application server carries out the requested operation on behalf of the user by using a predefined service account, often the Web application process account.
In the Delegation Architecture Model, delegation enables the user's credentials to be passed from one server to another. Delegation is the notion that a network resource or service can "flow" the identity of a user who originally authenticated to the service to some other service on the network.
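An added example, not part of the original post: a toy Python model of the two models described above, showing where the authorization decision is made and which identity the back end sees and can audit. The user names, roles, operations and the `svc_webapp` service account are constructed for illustration; this models the architecture and does not use any Windows or IIS API.

```python
from dataclasses import dataclass, field

# Constructed sample data (assumptions, not from the post).
USER_ROLES = {"alice": "manager", "bob": "clerk"}
ROLE_OPERATIONS = {"manager": {"read_report", "approve_order"},
                   "clerk": {"read_report"}}
SERVICE_ACCOUNT = "svc_webapp"  # hypothetical front-end process account
ALL_OPS = {"read_report", "approve_order"}

@dataclass
class BackEnd:
    acl: dict                                  # principal -> allowed operations
    audit: list = field(default_factory=list)  # (caller, operation, allowed)

    def execute(self, caller, operation):
        allowed = operation in self.acl.get(caller, set())
        self.audit.append((caller, operation, allowed))
        if not allowed:
            raise PermissionError(f"back end denied {caller}: {operation}")
        return f"{operation} done as {caller}"

def trusted_subsystem_request(user, operation, backend):
    """Front end authorizes by role, then calls the back end as the service account."""
    role = USER_ROLES.get(user)
    if operation not in ROLE_OPERATIONS.get(role, set()):
        raise PermissionError(f"front end denied {user}: {operation}")
    return backend.execute(SERVICE_ACCOUNT, operation)

def delegation_request(user, operation, backend):
    """Front end flows the user's identity; the back end makes the access decision."""
    return backend.execute(user, operation)

def demo():
    """Run the same two requests through each model and return both audit trails."""
    trusted = BackEnd(acl={SERVICE_ACCOUNT: ALL_OPS})
    delegated = BackEnd(acl={"alice": ALL_OPS, "bob": {"read_report"}})
    for handler, backend in ((trusted_subsystem_request, trusted),
                             (delegation_request, delegated)):
        for user in ("alice", "bob"):
            try:
                handler(user, "approve_order", backend)
            except PermissionError:
                pass  # denied at the front end or at the back end
    return trusted.audit, delegated.audit

if __name__ == "__main__":
    for name, trail in zip(("trusted subsystem", "delegation"), demo()):
        print(name, trail)
```

In the trusted subsystem run the back-end audit trail contains only the service account, and bob's denied request never reaches the back end; in the delegation run the back end records both alice and bob under their own identities.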