When an object decides to delegate a task to another object (effectively to the CodeExecutor of that object), it creates a delegation certificate. This certificate specifies the initiator, the role it is delegating, any constraints that are bound to the delegation, a nonce, a validity period and its DelegationServer name for handling queries regarding delegation revocation. A role certificate is associated with the role being delegated, which might contain a set of privileges associated with it.
A delegation certificate is generated using the CodeExecutor as FromPrincipal and the CodeExecutor of the remoteAdmin object as the ToPrincipal. Implementations could be based on public key cryptography using X.509 certificates, as illustrated in Figure . The associated role (and hence, set of privileges) is specified in the certificate.
A delegation certificate is issued for every delegation session unless an earlier delegation has been set to remain valid for consecutive sessions. The type of the delegation certificate (SimpleDelegationCert or CascadedDelegationCert) reflects the kind of delegation that is activated for this session. If the delegation is revocable, the end-point makes sure that the delegation certificate is not revoked before it provides access.
Figure: Main Delegation Protocol in SDM
Selection of consecutive delegates is made by an intermediate. The selected principal (the CodeExecutor of the object selected for further delegation) is verified to be a permitted delegate by invoking the isPermittedDelegate(Principal) method on the certificate (DelegationCertificates must implement the Delegation interface shown in Figure ). This method scans through the list of exempted delegates (if any) and returns a boolean value indicating whether or not the principal is a valid delegate.
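The checks described above (validity period, revocation lookup for revocable delegations, and the exempted-delegate scan) can be sketched as follows. This is an added example, not code from SDM: the class, record and field names, the holder check, the use of a nonce set in place of a DelegationServer query, and the reading of "exempted" as "excluded from further delegation" are all assumptions.

```java
import java.security.Principal;
import java.time.Instant;
import java.util.Set;

// Illustrative sketch only: names and layout are assumptions, not SDM's API.
public class DelegationCheckSketch {
    record NamedPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Fields follow the certificate contents listed in the text.
    record DelegationCert(Principal from, Principal to, String role, String nonce,
                          Instant notBefore, Instant notAfter, boolean revocable,
                          String delegationServer, Set<String> exemptedDelegates) {

        // Assumption: an exempted delegate is one excluded from further delegation.
        boolean isPermittedDelegate(Principal p) {
            return p != null && !exemptedDelegates.contains(p.getName());
        }
    }

    // End-point decision. revokedNonces stands in for a query to the
    // DelegationServer named in the certificate (hypothetical simplification).
    static boolean endpointAccepts(DelegationCert c, Principal caller, Instant now,
                                   Set<String> revokedNonces) {
        // Assumption: the presenter must be the certificate's ToPrincipal.
        if (!c.to().getName().equals(caller.getName())) return false;
        // Reject outside the validity period.
        if (now.isBefore(c.notBefore()) || now.isAfter(c.notAfter())) return false;
        // Revocation is only consulted for revocable delegations.
        if (c.revocable() && revokedNonces.contains(c.nonce())) return false;
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Principal exec = new NamedPrincipal("CodeExecutor:local");
        Principal admin = new NamedPrincipal("CodeExecutor:remoteAdmin");
        Principal guest = new NamedPrincipal("CodeExecutor:guest");
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");
        DelegationCert cert = new DelegationCert(exec, admin, "admin", "n-001", t0,
                t0.plusSeconds(3600), true, "DelegationServer:local", Set.of(guest.getName()));

        Instant now = t0.plusSeconds(60);
        System.out.println("valid:    " + endpointAccepts(cert, admin, now, Set.of()));
        System.out.println("revoked:  " + endpointAccepts(cert, admin, now, Set.of("n-001")));
        System.out.println("expired:  " + endpointAccepts(cert, admin, t0.plusSeconds(7200), Set.of()));
        System.out.println("exempted: " + cert.isPermittedDelegate(guest));
        System.out.println("allowed:  " + cert.isPermittedDelegate(exec));
    }
}
```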