| |
When delegation is the must? |
|
|
Subject: When delegation is the must?
Author: SteveHB
In response to: Delegation Architecture vs. Trusted Subsystem
Posted on: 06/02/2006 03:54:19 AM
If the back-end server cares more about the original user than the front-end servers or middle tier servers, delegation is the only solution.
To be short, if you really want to know who put the crap on your desk then delegation is the only game in town.
>
> On 06/02/2006 03:51:35 AM SteveHB wrote:
In the Trusted Subsystem Model, all authentication and authorization for back-end resources occurs on the front-end server, e.g. the IIS Web application server. Typically, this model is used in conjunction with a role-based access control system that authorizes access to application-defined operations based on the user's role. After successfully authenticating and authorizing the user, the Web application server carries out the requested operation on behalf of the user by using a predefined service account, often the Web application process account.
In the Delegation Architecture Model, delegation enables the users credentials to be passed from one server to another. Delegation is the notion that a network resource or service can "flow" the identity of a user who originally authenticated to the service to some other service on the network.
References:
|
|
|
|
